Client XSS Sources


URL-based DOM Property Sources

# DOM Property Value
1 location https://domgo.at/cxss/sources/somevalue
2 location.href https://domgo.at/cxss/sources/somevalue
3 location.pathname /cxss/sources/somevalue
4 location.search
5 location.hash
6 document.URL https://domgo.at/cxss/sources/somevalue
7 document.documentURI https://domgo.at/cxss/sources/somevalue
8 document.baseURI https://domgo.at/cxss/sources/somevalue


Navigation-based DOM Property Sources

# DOM Property Value
1 window.name Not set!
2 document.referrer Not set!


Communication based Sources

# Communication Type Value
1 Ajax (XMLHTTPRequest/Fetch) Some data via Ajax
2 WebSocket No messages recieved!
3 Window Messaging Some message from iframe via Window message


Storage-based Sources

# Store Type Key Value
1 Cookie - Param=CookieValue
2 LocalStorage TestKey Test Value stored in LocalStorage
3 SessionStorage TestKey Test Value stored in SessionStorage