What Does This JS Code Do and How to Exploit?

Hello hunters,

I came across this code and I think an XSS exploit can be squeezed out of here, but I don't understand what this code does exactly, so I couldn't write any successful XSS payload.

var hashvalue = window.location.hash.substring(1);
var i = $("[id *= '" + hashvalue + "']");

Can you explain the code a bit more (specifically the role of the *, $ and [ ] signs)?
I am not that good at JS so don’t judge me too much :slight_smile:

Thanks in advance

Hi,

var hashvalue = window.location.hash.substring(1);

extracts the hash value from the URL, without the actual # sign (the substring() call starts from the first sign, but characters in strings are indexed starting from 0, so what you get is the part of the URL hash starting from the first char after #).

So let's say you've got a URL:

http://server.com/somepage#test

When the first line of your code runs, the variable hashvalue equals 'test'.

The second line of code actually assigns an element to the variable named i (I assume $ is the global reference to jQuery, which is typical).

So:

var i = $("[id *= '" + hashvalue + "']");

means: "find in the DOM tree an element whose id attribute equals 'test'".

So if you have a DOM fragment like this:

<div id="test">Test div</div>

exactly this element becomes the value of the i variable.

I hope it helps you a little bit :slight_smile:

Happy hunting!

1 Like

Thanks for the explanation bl4de. Still can't find a DOM XSS payload :frowning:

Yeah, this is not the code where DOM XSS exists, unfortunately.
hashvalue is not evaluated anywhere, so you won't be able to inject anything here.

1 Like

One of your questions was the role of * in:

id *= "some values"
is equal to: id = id * "some values"

It is equal to a += b, that is a = a + b, and so on.

I guess the $ is part of the syntax of jQuery regarding assigning values to variables.
And the brackets are part of some of the generated value. If you look, they are part of the concatenation.

I'm not a master of JS, I just have some knowledge about programming and I don't remember where I read about jQuery, but it looks like that.

Have a good day and happy hacking!

1 Like
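An added example (editor's code, not from any post in this thread) for the selector explained in bl4de's answer and the later question about `*`: `[id *= 'value']` is a CSS attribute selector, and `*=` is its "contains" operator, which jQuery accepts in `$()`. It is re-implemented here over a constructed in-memory element list so it runs in Node without a browser or jQuery; the element ids, the URLs and the allow-list in `idsForHashSafe` are assumptions. It also goes beyond the page by handling the `=`, `^=` and `$=` operators and a fragment that breaks the selector syntax.

```javascript
// Constructed stand-in for a page's DOM: plain objects with an id attribute.
const ELEMENTS = [
  { tag: "div", id: "test" },
  { tag: "div", id: "testimonials" },
  { tag: "span", id: "contest-winner" },
  { tag: "p", id: "about" },
];

// Parse "[attr OP 'value']" where OP is one of =, *=, ^=, $= (CSS attribute
// selector operators). A quoted value may not contain an unescaped quote, so
// a fragment containing one yields an invalid selector, as jQuery would report.
function parseAttrSelector(selector) {
  const re = /^\[\s*([A-Za-z_-]+)\s*(\*=|\^=|\$=|=)\s*(['"])([^'"\\]*)\3\s*\]$/;
  const m = re.exec(selector);
  if (!m) throw new Error("invalid attribute selector: " + selector);
  return { attr: m[1], op: m[2], value: m[4] };
}

function attrMatches(actual, op, value) {
  if (actual == null) return false;
  switch (op) {
    case "=":  return actual === value;                         // exact
    case "*=": return value !== "" && actual.includes(value);   // contains
    case "^=": return value !== "" && actual.startsWith(value); // prefix
    case "$=": return value !== "" && actual.endsWith(value);   // suffix
    default:   return false;
  }
}

// Equivalent of $("[id *= 'value']"): every element whose id matches.
function select(selector, elements = ELEMENTS) {
  const { attr, op, value } = parseAttrSelector(selector);
  return elements.filter((el) => attrMatches(el[attr], op, value));
}

// The two lines from the thread, taking the hash from a URL string instead
// of window.location so the code runs outside a browser.
function idsForHash(url) {
  const hashvalue = new URL(url).hash.substring(1); // drop the leading '#'
  return select("[id *= '" + hashvalue + "']").map((el) => el.id);
}

// Defensive variant: the fragment is untrusted input, so constrain it to a
// plausible id before it is spliced into a selector string.
function idsForHashSafe(url) {
  const hashvalue = new URL(url).hash.substring(1);
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(hashvalue)) return [];
  return select("[id *= '" + hashvalue + "']").map((el) => el.id);
}
```

With `#test` in the URL, the "contains" match returns three elements, not just the one with id "test"; a fragment such as `te'st]` makes the selector unparsable, which is a thrown error rather than code execution.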