DOM XSS
DOM stands for Document Object Model and is a programming interface for HTML and XML documents
It represents the page so that programs can change the document structure, style and content. Always remember that every web page is a document, whether it is displayed in the browser window or viewed as the HTML source
DOM Based XSS is where the JavaScript code execution happens directly in the browser, without any new page being loaded or data being submitted to backend code
It is triggered when the website's own JavaScript acts on input that an attacker can influence, or on user interaction
The website's JavaScript reads the contents of the window.location.hash parameter and then writes that onto the page, in the section currently being viewed
The contents of the hash aren't checked for malicious code and aren't sanitized properly, so they allow an attacker to inject JavaScript of their choosing into the web page
Crafted links could be sent to victims, redirecting them to another website or stealing content from the page or from the user's session
DOM Based XSS can be challenging to test for and requires a certain amount of knowledge of JavaScript to read the source code
We would need to look for parts of the code that access certain variables that an attacker can have control over, such as "window.location.x" parameters
When we've found those bits of code, we would then need to see how they are handled and whether the values are ever written to the web page's DOM or passed to unsafe JavaScript methods such as eval()
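The hash-to-page flow described above, as an added example that is not part of the original notes: a vulnerable sink beside two fixes, with the DOM element stubbed (the `section` object and the section names are constructed) so it runs outside a browser.

```javascript
// Added example, not from the original page: models the DOM XSS pattern
// described above (window.location.hash written into the page) and its fixes.
// The DOM is stubbed so this runs under Node; in a browser the element would
// come from document.getElementById() and `hash` from window.location.hash.
function makeElement() {
  return { innerHTML: "", textContent: "" }; // HTML sink and text sink
}

function fragmentOf(hash) {
  return decodeURIComponent(hash.replace(/^#/, ""));
}

// Vulnerable pattern: the fragment is written to innerHTML, an HTML sink, so a
// browser parses any tags or event handlers it contains and executes them.
function renderSectionVulnerable(hash, section) {
  section.innerHTML = "<h2>" + fragmentOf(hash) + "</h2>";
  return section.innerHTML;
}

// Fix 1: write to a text sink. textContent never parses markup, so the
// fragment is displayed literally even when it contains tags.
function renderSectionText(hash, section) {
  section.textContent = fragmentOf(hash);
  return section.textContent;
}

// Fix 2 (preferred when the fragment only selects a section): validate the
// fragment against the set of sections that actually exist; anything else
// falls back to a default and never reaches a sink at all.
const KNOWN_SECTIONS = new Set(["intro", "usage", "faq"]); // constructed sample
function resolveSection(hash) {
  const name = hash.replace(/^#/, "");
  return /^[a-z0-9_-]+$/i.test(name) && KNOWN_SECTIONS.has(name) ? name : "intro";
}

// Fix 3, for the case where markup really must be built from the value:
// escape the HTML metacharacters before the string reaches innerHTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderSectionEscaped(hash, section) {
  section.innerHTML = "<h2>" + escapeHtml(fragmentOf(hash)) + "</h2>";
  return section.innerHTML;
}
```

When reviewing real code, the functions to look for are the ones shaped like `renderSectionVulnerable`: a `location.*` read flowing into `innerHTML`, `document.write()` or `eval()` without validation in between.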
Attackers can use the eval() function in various ways to execute malicious code. For example, an attacker could inject JavaScript code into a website's search or input fields that use eval() to execute the code when the input is processed. This can lead to the execution of arbitrary code in the victim's browser, potentially allowing the attacker to steal sensitive data, take control of the victim's account, or perform other malicious actions