Description
Bug Type
Security
Reproduction steps
Create a new HTML file and include the vulnerable JavaScript code.
Open the HTML file in a web browser.
In the web browser's address bar, enter the following payload as the "message" parameter of the "dnsAlert" function:
<script>alert('You have been hacked!');</script>
Press the Enter key to execute the payload.
The crafted alert message will be displayed, and the attacker's code will be executed.
Actual result
The "message" parameter of the dnsAlert function is not sanitized, allowing an attacker to inject malicious JavaScript code.
Expected result
The "message" parameter of the dnsAlert function should sanitize any user input to prevent the injection of malicious JavaScript code.
Suggested Severity
Vulnerability
Device
Desktop (please complete the following information):
- Windows 10
- Microsoft Edge
Additional Context
POC:
dnsAlert('<img src=x onerror=alert(document.cookie)>', 'Ok', () => {});
The vulnerability is caused by the use of the innerHTML property to set the content of the alert message. This allows an attacker to inject arbitrary HTML and JavaScript code into the message, which is then executed by the victim's browser when the alert is displayed.
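One way to close the innerHTML sink described in the report, as an added example that is not part of the original issue or the project's own code. The function name `dnsAlertSafe`, the parameter names, the DOM layout, and the injectable `doc` argument are assumptions made for illustration.

```javascript
// Added example, not the project's implementation. Parameter names
// (message, buttonText, onClose) are assumed from the call in the report.

// Hardened variant: build nodes and assign text; never parse message as HTML.
function dnsAlertSafe(message, buttonText, onClose, doc = globalThis.document) {
  const box = doc.createElement('div');
  const text = doc.createElement('p');
  const button = doc.createElement('button');
  // textContent stores the string as a text node, so markup in it stays inert.
  text.textContent = String(message);
  button.textContent = String(buttonText);
  button.addEventListener('click', () => {
    box.remove();
    if (typeof onClose === 'function') onClose();
  });
  box.append(text, button);
  doc.body.append(box);
  return box;
}

// For code paths that must emit an HTML string (templates, server output),
// escape the five characters that can change the HTML parsing context.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample input: the string quoted in the report.
const SAMPLE = '<img src=x onerror=alert(document.cookie)>';
// escapeHtml(SAMPLE) -> "&lt;img src=x onerror=alert(document.cookie)&gt;"
```

`escapeHtml` covers element content and quoted attribute values only; it is not sufficient for script, style, or URL contexts.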