> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# DOM XSS in document.write sink using source location.search

> PortSwigger Web Security Academy lab: DOM XSS in document.write sink using source location.search. Tema: Cross-Site Scripting (XSS).

# DOM XSS in document.write sink using source location.search

<p className="machine-summary"><span className="prompt"><code>\$ tldr</code></span> PortSwigger · Cross-Site Scripting (XSS)</p>

<div className="machine-meta">
  | ·           | ·                                                                                                    |
  | ----------- | ---------------------------------------------------------------------------------------------------- |
  | Plataforma  | PortSwigger Web Security Academy                                                                     |
  | Tema        | Cross-Site Scripting (XSS)                                                                           |
  | Dificultad  | <span className="dbadge dbadge-easy">APPRENTICE</span>                                               |
  | Lab oficial | [Abrir](https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink) |
</div>

## Resolver el lab

| Idioma  | Autor           | Formato | Enlace                                                                                               |
| ------- | --------------- | ------- | ---------------------------------------------------------------------------------------------------- |
| 🇬🇧 EN | **PortSwigger** | Texto   | [Abrir](https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink) |

## Recursos por skill

| Skill                       | Fuente      | Enlace                                                                                      |
| --------------------------- | ----------- | ------------------------------------------------------------------------------------------- |
| Cross-Site Scripting (XSS)  | HackTricks  | [Abrir](https://book.hacktricks.wiki/en/pentesting-web/xss-cross-site-scripting/index.html) |
| Cross-Site Scripting (XSS)  | PortSwigger | [Abrir](https://portswigger.net/web-security/cross-site-scripting)                          |
| Remote Code Execution (RCE) | HackTricks  | [Abrir](https://book.hacktricks.wiki/en/pentesting-web/command-injection.html)              |

## Skills relacionadas

[Cross-Site Scripting (XSS)](/skills/xss) · [Remote Code Execution (RCE)](/skills/rce)

***

## Comentarios y truquillos

¿Has resuelto el lab por una vía distinta? Compártela aquí — los comentarios viven en [GitHub Discussions](https://github.com/FFuson/HTB_Writeups/discussions).

<div className="rootea-giscus-wrap" data-giscus-term="lab:cross-site-scripting-dom-based-document-write-sink" data-giscus-lang="es" />

*Última actualización: 2026-05-08*

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"TechArticle","name":"DOM XSS in document.write sink using source location.search","headline":"DOM XSS in document.write sink using source location.search — PortSwigger lab index","url":"https://rootea.es/portswigger/labs/cross-site-scripting/dom-based-document-write-sink","inLanguage":"es","about":[{"@type":"Thing","name":"PortSwigger Web Security Academy"},{"@type":"Thing","name":"Cross-Site Scripting (XSS)"}],"isPartOf":{"@type":"WebSite","name":"rootea.es","url":"https://rootea.es"},"author":{"@type":"Organization","name":"rootea.es"}}`}
</script>
