[5/6] Level 5: DOM-Based XSS

Mission Description

This level demonstrates DOM-based XSS, where the vulnerability exists entirely in client-side code. The application uses location.hash to dynamically update content without proper sanitization.

Mission Objective: Use the URL hash fragment to execute JavaScript.

Email Signup

✓ Level Complete! You successfully exploited a DOM-based XSS vulnerability.

Hints

The application reads from location.hash and uses it to display a welcome message. Try adding #welcome to the URL.
The hash value is being inserted with innerHTML. Can you inject HTML that will execute JavaScript?
Try this URL: #<img src=x onerror="alert('XSS')">
function checkHash() {
  if (location.hash) {
    const message = location.hash.substring(1);
    const confirmation = document.getElementById('confirmation');
    
    // VULNERABLE: DOM-based XSS via location.hash
    confirmation.innerHTML = decodeURIComponent(message);
    confirmation.classList.add('show');
  }
}

// Check on load and hash change
window.addEventListener('load', checkHash);
window.addEventListener('hashchange', checkHash);