Notice the search function. We will attempt a DOM-based XSS (also called "client-side XSS") attack against it to see whether it is vulnerable.

First, we perform a standard search.


From our standard search, we notice that the search query parameter (query string) is:

q=

Let’s craft our Client Side XSS attack using the search query parameter and the JavaScript code included from the Score Board page.
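Why the value of `q` matters on the client side, shown as an added example that is not part of the original walkthrough: it contrasts a search term concatenated into HTML with the same term escaped first. The host name, the hash-style route, the `searchValue` element id and all function names are assumptions, and the sample query is constructed, harmless markup.

```javascript
// Added example, not the application's own code. Names, route and element id
// are hypothetical; the sample URL carries constructed, harmless markup.

// Pull the raw search term out of a URL, as client-side code would.
// Handles both "/search?q=..." and hash routes such as "/#/search?q=...".
function getSearchTerm(url) {
  const u = new URL(url);
  const fromHash = u.hash.includes('?')
    ? u.hash.slice(u.hash.indexOf('?') + 1)
    : '';
  // URLSearchParams percent-decodes the value, so encoded markup becomes real markup.
  const params = new URLSearchParams(fromHash || u.search);
  return params.get('q') || '';
}

// Vulnerable pattern: the term is concatenated into an HTML string that would
// then be assigned to innerHTML, so the browser parses any markup inside q.
function renderUnsafe(term) {
  return '<span id="searchValue">' + term + '</span>';
}

// Escape the characters that let text break out of HTML text or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: the term is escaped first and can only ever render as text.
function renderSafe(term) {
  return '<span id="searchValue">' + escapeHtml(term) + '</span>';
}

// Constructed input: q decodes to <em>apple</em>
const sampleUrl = 'http://shop.example.test/#/search?q=%3Cem%3Eapple%3C%2Fem%3E';
const term = getSearchTerm(sampleUrl);

console.log('decoded q :', term);
console.log('unsafe    :', renderUnsafe(term)); // markup from q survives intact
console.log('hardened  :', renderSafe(term));   // markup from q is neutralized
```

In a browser, assigning the term to `textContent` instead of `innerHTML` gives the same protection without a hand-written escaper.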

Jesse Shelley