Task
This lab demonstrates a reflected DOM vulnerability. Reflected DOM vulnerabilities occur when the server-side application processes data from a request and echoes the data in the response. A script on the page then processes the reflected data in an unsafe way, ultimately writing it to a dangerous sink.
To solve this lab, create an injection that calls the alert() function.
Attempt
Open Burp's browser and turn on DOM Invader; it makes finding DOM XSS much easier. Next, type a canary into the search box. DOM Invader should show the sink:
Click Stack Trace and go to the Console. There you can find the .js file containing the sink, and the line where the sink is used flashes. Clicking that line number adds a breakpoint there (the number is highlighted in blue).
Reload the page and execution stops at the breakpoint. Hover the cursor over the variables to see how your input is handled.
The payload needs to break out of the "" (the double-quoted string). When you add a ", a \ automatically gets added in front of it, but you can cancel that \ by adding an extra \ of your own. You also need to comment out the unnecessary trailing part. So the payload would be:
\"-alert(1)}//
It's better to check it in Burp Suite, because there it's easier to see that the payload actually breaks out of the string:
Remove the break point and reload. The payload will be executed.
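To see why the extra backslash works and what closes the hole, here is an added example in JavaScript (not the lab's own source). It assumes the server reflects the search term inside a JSON object with only the double quote escaped, and that the page evaluates the response text with eval(); that is one configuration consistent with the \"-alert(1)}// payload above. The weak escaping and the eval() sink sit beside their JSON.stringify / JSON.parse counterparts.

```javascript
// Added example, not the lab's source. Assumptions: the server reflects the
// search term inside a JSON object and escapes only `"` with a backslash, and
// the page passes the response body to eval().

// Simulated server: weak escaping, a lone backslash in front of every `"`.
function reflectSearchTerm(term) {
  const escaped = term.replace(/"/g, '\\"');
  return '{"results":[],"searchTerm":"' + escaped + '"}';
}

// Hardened server: JSON.stringify escapes both `"` and `\`, so a user-supplied
// backslash can no longer cancel the one the server adds.
function reflectSearchTermSafely(term) {
  return '{"results":[],"searchTerm":' + JSON.stringify(term) + '}';
}

// Vulnerable sink: the response body is executed as JavaScript. `alert` is a
// parameter only so a caller can pass a stub and observe the call offline.
function vulnerableHandler(responseText, alert) {
  let searchResultsObj;
  eval('searchResultsObj = ' + responseText); // direct eval: code, not data
  return searchResultsObj;
}

// Hardened sink: JSON.parse treats the body strictly as data; an injected
// operator or comment makes it throw instead of running anything.
function safeHandler(responseText) {
  return JSON.parse(responseText);
}

// Runs one search term through both servers and both sinks and reports
// whether alert() fired, whether JSON.parse rejected the weak body, and what
// the hardened server/sink pair hands back.
function demonstrate(term) {
  const alertCalls = [];
  const alertStub = (arg) => { alertCalls.push(arg); };
  const weakBody = reflectSearchTerm(term);
  vulnerableHandler(weakBody, alertStub);          // alert(1) fires for the payload
  let safeSinkRejected = false;
  try { safeHandler(weakBody); } catch (e) { safeSinkRejected = e instanceof SyntaxError; }
  const recovered = safeHandler(reflectSearchTermSafely(term)).searchTerm;
  return { alertCalls, safeSinkRejected, recovered };
}

// The lab payload written as a JS string literal (backslash doubled).
const LAB_PAYLOAD = '\\"-alert(1)}//';
```

With the weak server and eval() the payload's `"\\"` is read as a complete string, `-alert(1)` runs, `}` closes the object and `//` hides the leftover `"}`; with JSON.parse the same body is a parse error, and with JSON.stringify the term comes back verbatim as data.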