Client XSS Exercise-8


Data Flow

Source of Data Data from Source Data to Sink Sink causing Execution
location.hash HTMLElement.innerHTML

Vulnerable Code


    let hash = location.hash;
    let hashValueToUse = hash.length > 1 ? unescape(hash.substr(1)) : hash;

    if (hashValueToUse.indexOf("=") > -1 ) {
        hashValueToUse = hashValueToUse.substr(hashValueToUse.indexOf("=")+1);
        hashValueToUse = hashValueToUse.replace(/</g, "&lt;").replace(/>/g, "&gt;");
        let msg = "<a href='#user=" + hashValueToUse + "'>Welcome</a>!!";
        document.getElementById("msgboard").innerHTML = msg;
    }