I have the following Javascript code:
my_js.js
I call it like this:
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<script src="my_js.js" type="text/javascript"></script>
<script>
var l=window.location+'';
_IFPC.processRequest(l.substring(l.indexOf('#')+1));
</script>
<title></title>
</head>
<body>
</body>
</html>
Please help me.
Is this code vulneurabel to DOM Xss? everyone is telling me this it is vulneurable! but i don't know how?
Can any one help me develop a poc for me (like `alert(2)) , please suggest a way. Thank you.
Aucun commentaire:
Enregistrer un commentaire