Adm1n

Introduction:  In this post, we’ll explore a Stored Cross-Site Scripting (XSS) vulnerability where malicious input is stored in a web application and later reflected in an anchor (`<a>`) tag’s `href` attribute. While double quotes (`”`) are HTML-encoded, the attacker can still inject…

Introduction  In this post, we’ll dissect a common Cross-Site Scripting (XSS) vulnerability where user input is reflected into an HTML attribute, but angle brackets (`<`, `>`) are HTML-encoded. This scenario is often encountered in web applications that attempt to sanitize…

Vulnerability Type: DOM-based Cross-Site Scripting (XSS)    Attack Vector  The vulnerable application uses jQuery to dynamically process the URL fragment identifier (`#`) and injects it unsafely into the DOM. By exploiting the `hashchange` event, an attacker can trigger malicious JavaScript execution when…

Introduction:  In this post, we’ll explore a Stored Cross-Site Scripting (XSS) vulnerability where malicious input is stored in a web application and later reflected in an anchor (`<a>`) tag’s `href` attribute. While double quotes (`”`) are HTML-encoded, the attacker can…

Vulnerability Type: DOM-based Cross-Site Scripting (XSS)  Attack Vector The vulnerable application dynamically sets the `href` attribute of an anchor (`<a>`) tag using untrusted input from `location.search` (URL parameters) without proper sanitization. By injecting a `javascript:`pseudo-protocol payload, an attacker can execute…

Vulnerability Type: DOM-based Cross-Site Scripting (XSS)  Attack Vector The vulnerable application dynamically injects user-controlled input from `location.search` (URL parameters) into the DOM using the `innerHTML` property, without proper sanitization. This allows an attacker to inject arbitrary HTML/JavaScript, leading to script…