gusgxrha gusgxrha - 2 months ago 25
HTML Question

Input form to demonstrate XSS

I would like to use an input form to demonstrate XSS locally using HTML and JavaScript. The issue is that after passing the parameters via URL and getting it in the JavaScript code, it does not execude. I know that it doesn't execute because I do not reload the DOM.

How am I supposed to do this?

Currently my code looks like this:



<!DOCTYPE html>
<html>
<head>
<title>XSS</title>
<script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
</head>
<body>
<form method="GET" action="test.html">
<input type="text" name="search" id="search">
<input type="submit" value="Senden">
</form>
</body>
</html>







<!doctype html>
<html>
<head>
<script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
</head>
<body>
<input type="text" name="search" id="search">
<a href="start.html">Start</a>
</body>
<script>
function getParameterByName(name) {
name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
results = regex.exec(location.search);
return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
}
var x = getParameterByName('search');
$('input[type="text"]').val(x);
</script>
</html>





Thanks in advance.

Answer

To demonstrate de XSS vulnerability you need to evaluate the string from the URL not to set it to the input

try to test with <script>alert('test')</script>

<!doctype html>
<html>
<head>
    <script type="text/javascript" src="https://code.jquery.com/jquery-latest.min.js"></script>
</head>
<body>
      <input type="text" name="search" id="search">
      <a href="start.html">Start</a>
      <script>
    function getParameterByName(name) {
        name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
        var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
            results = regex.exec(location.search);
        return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
    }
    $(function(){
    var x = getParameterByName('search');
    $('input[type="text"]').after(x);//or eval(x);
    });
</script>
</body>

</html>