DOM-based XSS - via URL



  • I have a website that I am testing but I am pretty new to all of this security stuff and would appreciate some help!

    I have a url similar to the following:

    http://testurl?nexturl=whatever
    

    The nexturl parameter determines what url should be displayed after something has happened.

    I'm trying to test for XSS vulnerabilities and have disabled URL filtering in my browser. I am trying to replace the whatever with something like

    <script>alert(1)</script>
    

    and if I view the page source code I see "nextUrl=" in it. However, I do not see an alert when the "something has happened".

    Is there some better piece of JavaScript I can put into the URL to see if it is executed?


  • Since that's expecting a url (and not HTML tags), have you tried a javascript url?

    javascript:alert(1)
    

    Also, are you only testing for XSS, or would you also be interested in open redirect issues?

    Legitimate sites that a user trusts with arbitrary redirects like that are great for phishing attacks!

    Consider that I get an email with a link:

    https://yoursite.com/account?nexturl=https://evilsite.com/passwordcollector
    

    I use yoursite.com, I'm happy to log in and view my account! Then after interacting with it, it takes me back to the login page. Weird, I thought I'd already logged in, oh well, guess I'll log in again ...
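
Added example, not part of either post above and not the site's own code: one way to validate a `nexturl`-style parameter before navigating to it, so that neither the `javascript:` URL nor the off-site redirect from the thread is followed. `APP_ORIGIN`, `FALLBACK` and `safeNextUrl` are hypothetical names, and the origin is taken from the thread's example link.

```javascript
// Assumed values: the application's own origin and a safe default page.
const APP_ORIGIN = "https://yoursite.com";
const FALLBACK = APP_ORIGIN + "/account";

// Returns an absolute same-origin URL to navigate to, or FALLBACK.
function safeNextUrl(raw, appOrigin = APP_ORIGIN, fallback = FALLBACK) {
  if (typeof raw !== "string" || raw.length === 0) return fallback;

  // URL parsers silently drop tabs/newlines and treat "\" like "/".
  // Reject such input outright instead of guessing what was meant.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  let target;
  try {
    // Relative values ("/settings") resolve against our own origin.
    target = new URL(raw, appOrigin);
  } catch {
    return fallback;
  }

  // Only web schemes: this is what stops javascript:, data:, and similar.
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    return fallback;
  }

  // Same-origin only: this is what stops the open redirect, including
  // absolute or scheme-relative URLs that point at any other site.
  if (target.origin !== new URL(appOrigin).origin) return fallback;

  // Return the normalised absolute URL, never the raw input.
  return target.href;
}

// Constructed sample inputs: the two values from the thread plus a
// legitimate relative path.
for (const sample of [
  "javascript:alert(1)",
  "https://evilsite.com/passwordcollector",
  "/settings?tab=security",
]) {
  console.log(JSON.stringify(sample), "->", safeNextUrl(sample));
}
```

The returned value is what should be assigned to `location.href` (or sent in a `Location` header); the raw parameter should not be used after this check.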


