{"id":62,"date":"2021-04-30T01:21:00","date_gmt":"2021-04-29T18:21:00","guid":{"rendered":"https:\/\/n45ht.or.id\/blog\/?p=62"},"modified":"2024-12-14T01:26:23","modified_gmt":"2024-12-13T18:26:23","slug":"reflected-dom-based-xss-on-domainesia","status":"publish","type":"post","link":"https:\/\/n45ht.or.id\/blog\/reflected-dom-based-xss-on-domainesia\/","title":{"rendered":"Reflected DOM-based XSS on DomaiNesia"},"content":{"rendered":"\n

In this article, I\u2019ll walk you through how I discovered a Reflected DOM-based Cross-site Scripting (XSS)<\/strong> vulnerability on the DomaiNesia<\/strong> website using BurpSuite<\/strong>. DOM-based XSS vulnerabilities occur when malicious scripts are executed as a result of user input being reflected directly in the Document Object Model (DOM) without proper sanitization or escaping.<\/p>\n\n\n\n

Step 1: Scanning the Target<\/h3>\n\n\n\n

To begin, I opened BurpSuite<\/strong> and configured it to scan the DomaiNesia<\/strong> website. BurpSuite is a powerful web vulnerability scanner that helps identify potential security issues on web applications. I started by navigating to the Burp Scanner tab and running a scan on the target domain: domainesia.com<\/code>.<\/p>\n\n\n\n

Initial Scan:<\/strong> After a few moments of scanning, BurpSuite displayed an alert showing a potential Cross-site Scripting (XSS)<\/strong> vulnerability on the website.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Step 2: Reviewing the XSS Vulnerability<\/h3>\n\n\n\n

BurpSuite\u2019s scanner provided detailed information about the vulnerability, including the affected page and the nature of the XSS issue. The vulnerability was identified as a Reflected DOM-based XSS<\/strong>, meaning that user input (such as URL parameters) was being reflected in the page’s DOM and executed as JavaScript without being properly sanitized.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Step 3: Server Response<\/h3>\n\n\n\n

Here\u2019s the response I received from the DomaiNesia server. It confirmed that user input was being reflected back to the browser without proper escaping or validation, creating the opportunity for XSS attacks.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Step 4: Testing the Vulnerability<\/h3>\n\n\n\n

To test the vulnerability further, I opened the URL directly in my browser. This helped me confirm that the XSS was indeed reflected in the DOM when the page was loaded with a malicious payload in the URL. This means that any user who visits the URL with the payload could have JavaScript executed in their browser, potentially leading to session hijacking, phishing attacks, or data exfiltration.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

By using BurpSuite\u2019s scanning features and manually validating the response, I was able to identify and confirm the Reflected DOM-based XSS vulnerability<\/strong> on DomaiNesia. This type of vulnerability is critical because it allows attackers to inject arbitrary JavaScript into a page, which can then be executed in the context of other users’ browsers.<\/p>\n\n\n\n

I have reported the issue to the DomaiNesia team, and I hope they address it promptly to improve the security of their platform.<\/p>\n\n\n\n

#HappyHacking<\/p>\n","protected":false},"excerpt":{"rendered":"

In this article, I\u2019ll walk you through how I discovered a Reflected DOM-based Cross-site Scripting (XSS) vulnerability on the DomaiNesia website using BurpSuite. DOM-based XSS vulnerabilities occur when malicious scripts are executed as a result of user input being reflected directly in the Document Object Model (DOM) without proper sanitization or escaping. Step 1: Scanning […]<\/p>\n","protected":false},"author":3,"featured_media":63,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[23,9,8],"class_list":["post-62","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-research","tag-bug-bounty","tag-cross-site-scripting","tag-xss"],"_links":{"self":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts\/62","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/comments?post=62"}],"version-history":[{"count":1,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts\/62\/revisions"}],"predecessor-version":[{"id":68,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts\/62\/revisions\/68"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/media\/63"}],"wp:attachment":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/media?parent=62"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/categories?post=62"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/tags?post=62"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}