Reflected DOM vulnerabilities occur when the server-side application processes data from a request and echoes the data in the response.
- In Burp Suite, go to the Proxy tool and make sure that the Intercept feature is switched on.
- Back in the lab, go to the target website and use the search bar to search for a random test string, such as "XSS".
- Return to the Proxy tool in Burp Suite and forward the request.
- On the Intercept tab, notice that the string is reflected in a JSON response called search-results.
- From the Site Map, open the searchResults.js file and notice that the JSON response is used with an eval() function call.
- By experimenting with different search strings, you can identify that the JSON response is escaping quotation marks. However, backslash is not being escaped.
- To solve this lab, enter the following search term:
\"-alert(1)}//
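
The following JavaScript is an added example, not code from the lab or from the original page. It reproduces the escaping flaw described above (quotation marks escaped, backslash not) beside a hardened serializer and a client that parses the response without eval(); the function names and the JSON shape are assumptions.

```javascript
// Constructed model of the flaw: the serializer escapes " but not \.
// Function names and the response shape are hypothetical.
function naiveSearchJson(term) {
  const escaped = term.replace(/"/g, '\\"'); // " -> \"  (backslash left alone)
  return '{"results":[],"searchTerm":"' + escaped + '"}';
}

// Hardened serializer: JSON.stringify escapes backslashes, quotes and
// control characters, so the term can never close the string early.
function safeSearchJson(term) {
  return JSON.stringify({ results: [], searchTerm: term });
}

// Hardened client: treat the response as data. JSON.parse never executes
// code and rejects a malformed body, unlike passing the body to eval().
function parseSearchResponse(body) {
  try {
    return { ok: true, data: JSON.parse(body) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// The search term given in the lab solution, kept byte-for-byte.
const labTerm = String.raw`\"-alert(1)}//`;

// Constructed sample inputs: a plain term, a term with a quote, the lab term.
for (const term of ['XSS', 'a"b', labTerm]) {
  const naive = naiveSearchJson(term);
  const safe = safeSearchJson(term);
  console.log('term :', term);
  console.log('naive:', naive, '-> valid JSON:', parseSearchResponse(naive).ok);
  console.log('safe :', safe, '-> valid JSON:', parseSearchResponse(safe).ok);
}
```

With the lab term, the naive output contains `\\"`: the user's backslash pairs with the backslash the server added, so the quotation mark is no longer escaped and the string ends early. JSON.parse rejects that body, which also makes malformed search-results responses a useful thing to alert on.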