Client XSS Exercise-2
Data Flow
| Source of Data | Data from Source | Data to Sink | Sink causing Execution |
|---|---|---|---|
| document.referrer | rfr, paramValue | msg | HTMLElement.innerHTML |
Vulnerable Code
```javascript
// Source: the referrer URL is set by whichever page linked here, so it is untrusted input.
let rfr = document.referrer;
// getPayloadParamValueFromUrl is not shown on this page; it returns the raw value of the
// `payload` query parameter from the referrer, which is then URL-decoded with unescape().
let paramValue = unescape(getPayloadParamValueFromUrl(rfr));
if (paramValue.length > 0) {
  let msg = "Welcome <b>" + paramValue + "</b>!!";
  // Sink: innerHTML parses msg as markup, so any tags inside paramValue are rendered, not displayed.
  document.getElementById("msgboard").innerHTML = msg;
} else {
  document.getElementById("msgboard").innerHTML = "Parameter named <b>payload</b> was not found in the referrer.";
}
```
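The data flow above can be traced without a browser by modelling the source-to-sink path as pure functions. The block below is an added example, not part of the exercise: it assumes a `getPayloadParamValueFromUrl` helper that returns the raw `payload` query parameter from the referrer (the page does not show the real one), builds the message exactly as the vulnerable code does, and places the output-encoded version beside it so the difference at the `innerHTML` sink is visible. The referrer strings are constructed sample inputs.

```javascript
// Assumed stand-in for the exercise's helper: returns the raw (still URL-encoded)
// value of the `payload` query parameter, or "" when it is absent.
function getPayloadParamValueFromUrl(urlString) {
  const m = /[?&]payload=([^&#]*)/.exec(urlString);
  return m ? m[1] : "";
}

const NOT_FOUND = "Parameter named <b>payload</b> was not found in the referrer.";

// Mirrors the vulnerable code: untrusted text is concatenated straight into markup.
// Whatever this returns is what innerHTML would parse as HTML.
function buildMessageUnsafe(referrer) {
  const paramValue = unescape(getPayloadParamValueFromUrl(referrer));
  if (paramValue.length > 0) {
    return "Welcome <b>" + paramValue + "</b>!!";
  }
  return NOT_FOUND;
}

// Minimal HTML entity encoder for text that must land inside an element body.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened variant: same flow, but the untrusted part is encoded before it reaches the sink,
// so the browser shows the characters instead of interpreting them as tags.
function buildMessageSafe(referrer) {
  const paramValue = unescape(getPayloadParamValueFromUrl(referrer));
  if (paramValue.length > 0) {
    return "Welcome <b>" + escapeHtml(paramValue) + "</b>!!";
  }
  return NOT_FOUND;
}

// Quick check a reviewer can run over a candidate string: does the untrusted
// portion introduce any tag of its own beyond the fixed <b> wrapper?
function introducesForeignMarkup(referrer) {
  const paramValue = unescape(getPayloadParamValueFromUrl(referrer));
  return /<\/?[a-zA-Z!]/.test(paramValue);
}

// Constructed sample referrers: a plain name, and a value carrying URL-encoded tags
// (%3C and %3E decode to < and > once unescape() runs).
const plainReferrer = "https://example.com/page?payload=Alice";
const markupReferrer = "https://example.com/page?payload=%3Ci%3Einjected%3C%2Fi%3E";

console.log(buildMessageUnsafe(plainReferrer));   // Welcome <b>Alice</b>!!
console.log(buildMessageUnsafe(markupReferrer));  // Welcome <b><i>injected</i></b>!!
console.log(buildMessageSafe(markupReferrer));    // Welcome <b>&lt;i&gt;injected&lt;/i&gt;</b>!!
console.log(introducesForeignMarkup(markupReferrer)); // true
```

The point the two variants make is that the source (`document.referrer`) cannot be made trustworthy, since it is supplied by the linking page; the fix belongs at the sink, either by encoding before assignment to `innerHTML` as above or by writing the untrusted part with `textContent` instead. Note also that `unescape()` decodes a second time after whatever the helper already did, so a value that looks harmless while encoded can turn into markup just before it reaches the sink.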