
DOM XSS


Last updated 2 years ago

DOM stands for Document Object Model. It is the programming interface that browsers expose for HTML and XML documents.

It represents the page as a tree of objects so that scripts can read and change the document's structure, style and content. Always remember that every web page is a document: the browser renders it in the window, and the same document is what you see as the HTML source.

Exploitation

DOM-based XSS is XSS where the payload is placed into the page by the site's own client-side JavaScript, entirely in the browser: no new page is loaded and, in the classic case, the malicious input is never submitted to backend code. The server's response is benign; the flaw is in how the client-side script handles data it reads from the DOM.

It is triggered when the page's JavaScript reads attacker-controllable data (a "source") and passes it to a function that interprets the data as markup or code (a "sink"), typically on page load or in response to a user interaction.

Example Scenario

The website's JavaScript reads the fragment from window.location.hash and writes it into the section of the page currently being viewed (for example through innerHTML).

  • The contents of the hash are neither validated nor encoded before being written, so an attacker can inject HTML, and through it JavaScript, of their choosing into the page.
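The scenario above, written out as an added example (this is not code from the original page): a handler that copies the fragment into the page through an HTML sink, next to two hardened versions. The element id "content", the section names and the helper names are assumptions made for the example. When run under Node, where there is no DOM, a minimal stand-in element is used so the functions can be exercised; in a browser the real element is passed in.

```javascript
// Added example: location.hash (source) written into the page (sink).

function getContentElement() {
  if (typeof document !== 'undefined') {
    return document.getElementById('content'); // assumed <div id="content">
  }
  // Node stand-in: records whatever is assigned to its HTML/text properties.
  return { innerHTML: '', textContent: '' };
}

// Extract the section name from a fragment such as "#faq".
// decodeURIComponent throws on malformed %-sequences, so fall back to raw input.
function sectionFromHash(hash) {
  const raw = hash.replace(/^#/, '');
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw;
  }
}

// VULNERABLE: the fragment is concatenated into markup and written with
// innerHTML. The browser parses any tags the attacker put in the link.
function showSectionVulnerable(hash, el = getContentElement()) {
  const name = sectionFromHash(hash);
  el.innerHTML = '<h2>' + name + '</h2><p>Showing section ' + name + '</p>';
  return el.innerHTML;
}

// HARDENED, option 1: write through a text sink. textContent never parses
// markup, so the payload is displayed literally instead of executed.
function showSectionSafeText(hash, el = getContentElement()) {
  const name = sectionFromHash(hash);
  el.textContent = 'Showing section ' + name;
  return el.textContent;
}

// HARDENED, option 2: when the value selects behaviour, check it against an
// allow-list and fall back to a default; never echo free text into HTML.
const KNOWN_SECTIONS = ['intro', 'usage', 'faq']; // assumed section names

function showSectionSafeAllowList(hash, el = getContentElement()) {
  const requested = sectionFromHash(hash);
  const name = KNOWN_SECTIONS.includes(requested) ? requested : 'intro';
  el.innerHTML = '<h2>' + name + '</h2>'; // safe only because name is allow-listed
  return el.innerHTML;
}

// Attacker's link (constructed): https://victim.example/page#<img src=x onerror=alert(document.cookie)>
// The fragment is never sent in the HTTP request, so only client-side code sees it.
const ATTACK_HASH = '#<img src=x onerror=alert(document.cookie)>';

// Runs a handler against the payload and reports whether the attacker's
// markup ended up in the element's HTML, i.e. whether the handler is exploitable.
function isExploitable(handler) {
  const el = { innerHTML: '', textContent: '' };
  handler(ATTACK_HASH, el);
  return /<img[^>]*onerror=/i.test(el.innerHTML);
}
```

Calling isExploitable(showSectionVulnerable) reports true; the two hardened handlers report false. Note that option 2 is only safe because the string reaching innerHTML is one of the fixed allow-listed names; writing the requested value itself through innerHTML, even after "checking for script tags", would still be exploitable.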

Impact

A crafted link can be sent to a victim; when it is opened, the injected script runs in the victim's browser within the origin of the vulnerable site, so it can redirect them to another site, read content from the page, or steal the user's session (cookies, tokens, form data). Because the fragment after "#" is never sent in the HTTP request, the payload does not appear in server logs and is not seen by a server-side WAF.

How to test them?

DOM-based XSS can be challenging to test for from the outside and usually requires reading the page's JavaScript, so some familiarity with the language is needed.

  • Look for code that reads values an attacker can control (sources), such as the "window.location.x" properties (hash, search, href), document.referrer, window.name, and data received through postMessage.

When we've found those pieces of code, we need to trace how the value is handled and whether it ever reaches a sink: written into the page's DOM (innerHTML, outerHTML, document.write(), jQuery's html()), used to build code (eval(), new Function(), setTimeout() or setInterval() with a string argument), or used as a URL (location, a.href, script.src). If the value arrives at a sink without being validated or encoded for that context, the page is vulnerable.

eval() is the most direct sink: whatever string reaches it is executed as JavaScript. If a page builds that string from a source such as the hash, the query string, or a search or input field, an attacker only has to break out of the surrounding syntax for their code to run in the victim's browser when the input is processed. The result is the same as for any other XSS: the attacker can steal sensitive data, take over the user's session or account, or perform other actions on their behalf.
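An added example (not code from the original page) of the source-to-sink tracing described under testing, applied to an eval() sink: a constructed page script that picks a tab from the query string and calls a function by name through eval(), the link an attacker would send to break out of the string, and a hardened replacement that dispatches through a table instead. The names selectTab, TAB_HANDLERS and the "tab" parameter are assumptions for the example. It runs under Node and in a browser alike; the payload sets a flag instead of exfiltrating anything.

```javascript
// Added example: query-string parameter (source) flowing into eval() (sink).

// Constructed "page script" a tester would find while reading the source.
const TAB_HANDLERS = {
  overview: () => 'overview rendered',
  settings: () => 'settings rendered',
};

function selectTab(name) {
  const handler = TAB_HANDLERS[name];
  return handler ? handler() : 'unknown tab';
}

// Source: the "tab" query parameter, attacker-controlled via a crafted link.
function tabFromSearch(search) {
  const params = new URLSearchParams(search);
  return params.get('tab') || 'overview';
}

// VULNERABLE sink: JavaScript source text is built from the parameter and
// handed to eval(). The intent is "call selectTab with this name"; the string
// concatenation is the bug, because the data can also close the string.
function openTabVulnerable(search) {
  const tab = tabFromSearch(search);
  return eval("selectTab('" + tab + "')"); // eval sink fed directly by a source
}

// HARDENED: never build code from data. Look the name up in a dispatch table
// and refuse anything that is not an own key (so "constructor" etc. are rejected).
function openTabSafe(search) {
  const tab = tabFromSearch(search);
  if (!Object.prototype.hasOwnProperty.call(TAB_HANDLERS, tab)) {
    return 'unknown tab';
  }
  return selectTab(tab);
}

// Attacker's link (constructed): https://victim.example/page?tab=x');globalThis.pwned=true;//
// Inside the eval string this becomes:   selectTab('x');globalThis.pwned=true;//')
// The quote and parenthesis close the intended call, the attacker's statement
// runs, and "//" comments out the leftover syntax. A real payload would send
// document.cookie to an attacker-controlled host instead of setting a flag.
const ATTACK_SEARCH = "?tab=x');globalThis.pwned=true;//";

// Runs a handler against the payload and reports whether attacker code executed.
function attackerCodeRan(handler) {
  delete globalThis.pwned;
  let result;
  try {
    result = handler(ATTACK_SEARCH);
  } catch (e) {
    result = 'error: ' + e.message;
  }
  return { ran: globalThis.pwned === true, result };
}
```

attackerCodeRan(openTabVulnerable) reports that the flag was set, while attackerCodeRan(openTabSafe) returns "unknown tab" and never evaluates anything. The same breakout applies to new Function() and to setTimeout()/setInterval() with a string argument; the fix in every case is to stop treating data as code, not to filter quotes out of the input.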