Help regarding - DOM XSS and Link manipulation (DOM based)


shivakumar tandur

Sep 18, 2015, 1:26:21 AM
to null-...@googlegroups.com
Dear All,

I want to manually confirm DOM XSS and link manipulation (DOM based).

Case 1: DOM based

The URL contains a DOM element ID; it is being used by JS to add CSS to it.

The response is as below, and it is reported in Burp.

e||(e=$(location).attr("hash")),$(".project").removeClass("selected"),$(e).addClass("selected")}

Please suggest how to reconfirm it.


Case 2: Link Manipulation (DOM based)

The URL contains window.location.href, and it is being used only to compare the current window URL with another one.

Can we consider it a false positive?





Regards,

Shivakumar S T
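
A hardened form of the handler quoted in Case 1, as an added example that is not part of the original post or the application's code: the fragment is accepted only when it is a plain id selector, so URL-controlled text cannot reach `$()` as markup or as a wider selector. The id pattern and the names `safeSelectorFromHash`, `highlightProject` and `classifySamples` are assumptions.

```javascript
// Added example: hardened variant of the handler quoted in Case 1.
// Assumption: project elements use plain ids (letters, digits, "_" and "-").
const ID_FRAGMENT = /^#[A-Za-z][A-Za-z0-9_-]*$/;

// Returns the fragment if it can only be an id selector, otherwise null.
// Anything containing markup, whitespace, commas or other selector syntax is refused.
function safeSelectorFromHash(hash) {
  if (typeof hash !== "string") return null;
  return ID_FRAGMENT.test(hash) ? hash : null;
}

// Same behaviour as the flagged snippet, with validation in front of the sink.
// `$` and `loc` are passed in (hypothetical signature) so this also runs outside a browser;
// in the page they would be jQuery and window.location.
function highlightProject($, loc, e) {
  const selector = safeSelectorFromHash(e || loc.hash);
  $(".project").removeClass("selected");
  if (selector === null) return false; // untrusted fragment never reaches $()
  $(selector).addClass("selected");
  return true;
}

// Constructed sample fragments, not taken from the application.
const SAMPLES = ["#project-12", "#<b>x</b>", "#a, body", "#", ""];

function classifySamples() {
  return SAMPLES.map((h) => [h, safeSelectorFromHash(h) !== null]);
}

for (const [fragment, accepted] of classifySamples()) {
  console.log(JSON.stringify(fragment), accepted ? "accepted" : "rejected");
}
```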


shivakumar tandur

Sep 21, 2015, 2:16:10 AM
to null-...@googlegroups.com
Dear All,

Any suggestions or ideas?

Please help me with this.

Regards,

Shivakumar S T

