Client XSS Exercise-9


Data Flow

| Source of Data | Data from Source | Data to Sink | Sink causing Execution |
| --- | --- | --- | --- |
| location.hash | | | HTMLElement.innerHTML |
| window.name | | | |

Vulnerable Code


    // Exercise sample, kept exactly as published: it builds an HTML string from two
    // caller-influenced values and writes it to the page. Do not reuse this pattern.

    // Source 1: the URL fragment, chosen by whoever constructed the link.
    let hash = location.hash;
    // Strip the leading "#" and decode the remainder; decoding happens before any of the
    // filtering below, so the later checks operate on the decoded text.
    // NOTE(review): unescape() and substr() are legacy (Annex B) APIs.
    let hashValueToUse = hash.length > 1 ? unescape(hash.substr(1)) : hash;

    // Only fragments that contain "=" are processed further.
    if (hashValueToUse.indexOf("=") > -1 ) {
        
        // Keep everything after the first "=".
        hashValueToUse = hashValueToUse.substr(hashValueToUse.indexOf("=") + 1);
        
        // Values of zero or one character are ignored.
        if (hashValueToUse.length > 1) {
            // Length cap of ten characters; it applies to the fragment value only,
            // window.name below is used at full length.
            hashValueToUse = hashValueToUse.substr(0, 10);
            // NOTE(review): the replacement argument reads """ here, which is not valid
            // JavaScript; presumably it was "&quot;" and the entity was decoded when the
            // page was rendered. Confirm against the original exercise.
            // Escaping only the double quote keeps the value inside the href attribute,
            // but the resulting URL is never checked against an allow-list of schemes.
            hashValueToUse = hashValueToUse.replace(/"/g, """);
            // Source 2: window.name can be set by a page that opened or previously
            // occupied this window, so it is untrusted as well. Same quote-only escaping.
            let windowValueToUse = window.name.replace(/"/g, """);
            // Both values are concatenated into the href of an anchor as raw markup.
            let msg = "<a href=\"" + hashValueToUse + windowValueToUse + "\">Welcome</a>!!";
            // Sink: innerHTML parses the string as HTML.
            // Mitigation: create the anchor with document.createElement("a"), parse the
            // target with new URL() and accept only http:/https:, assign it through the
            // href property, and set the visible text with textContent.
            document.getElementById("msgboard").innerHTML = msg;
        }
    }