Notice the search function. We will test it for DOM-based XSS (also called “client-side XSS”) to see if it is vulnerable.

First, we perform a standard search.


From our standard search, we notice that the search query parameter (query string) is:

q=

Let’s craft our Client Side XSS attack using the search query parameter and the JavaScript code included from the Score Board page.

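Why a search page that echoes the q parameter can be exposed to this, and what the fix looks like, as an added example that is not code from this post or from the application under test. The URL shapes, the host shop.example, the element id search-term and all function names are assumptions made for illustration.

```javascript
// Added example; URLs, ids and names are constructed, not taken from the page.

// Read the search term from q= in either a normal query string or a
// hash-based single-page-app route such as /#/search?q=term (assumed shapes).
function getSearchTerm(href) {
  const url = new URL(href);
  if (url.searchParams.has('q')) return url.searchParams.get('q');
  const i = url.hash.indexOf('?');
  if (i === -1) return '';
  return new URLSearchParams(url.hash.slice(i + 1)).get('q') || '';
}

// Vulnerable pattern: the term is concatenated into a string destined for
// innerHTML, so any markup inside q becomes part of the DOM.
function renderUnsafe(term) {
  return '<span id="search-term">' + term + '</span>';
}

// Encode the five HTML-significant characters before building markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: the term is encoded, so the browser shows it as text.
// In a real page, assigning to element.textContent achieves the same result.
function renderSafe(term) {
  return '<span id="search-term">' + escapeHtml(term) + '</span>';
}

// Regression check for a renderer: does a harmless probe tag survive as markup?
function passesMarkupThrough(render) {
  const probe = '<b>probe</b>'; // benign, constructed probe
  return render(probe).includes(probe);
}

// Constructed sample URL carrying the benign term <b>apple</b> in q.
const sample = 'https://shop.example/#/search?q=%3Cb%3Eapple%3C%2Fb%3E';
const term = getSearchTerm(sample);
console.log('unsafe:', renderUnsafe(term));
console.log('safe:  ', renderSafe(term));
console.log('unsafe passes markup:', passesMarkupThrough(renderUnsafe));
console.log('safe passes markup:  ', passesMarkupThrough(renderSafe));
```

A check like passesMarkupThrough can run in a unit test suite so that a later change back to string concatenation is caught before release.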
Jesse Shelley