DOM XSS

DOM stands for Document Object Model and is a programming interface for HTML and XML documents

It represents the page so that programs can change the document structure, style and content. Always remember that every webpage is a document, whether it is displayed in the browser window or viewed as the HTML source

Exploitation

DOM Based XSS is where the JavaScript code execution happens directly in the browser without any new pages being loaded or data submitted to backend code

Execution is triggered when the website's own JavaScript code acts on input or user interaction that an attacker can influence

Example Scenario

The website's JavaScript reads the contents of the window.location.hash parameter and then writes that value onto the page, in the section currently being viewed

  • The contents of the hash aren't checked for malicious code or sanitized properly, so an attacker can inject JavaScript of their choosing into the webpage

Impact

Crafted links could be sent to victims, redirecting them to another website or stealing content from the page or the user's session

How to test for it?

DOM Based XSS can be challenging to test for and requires a certain amount of knowledge of JavaScript to read the source code

  • We would need to look for parts of the code that read variables an attacker can control, such as the window.location.x properties

When we've found those bits of code, we then need to see how the values are handled and whether they are ever written to the web page's DOM or passed to unsafe JavaScript methods such as eval()

Attackers can abuse the eval() function in various ways to execute malicious code. For example, if a website's search or input field passes its contents to eval(), an attacker could inject JavaScript that runs when the input is processed. This can lead to the execution of arbitrary code in the victim's browser, potentially allowing the attacker to steal sensitive data, take control of the victim's account, or perform other malicious actions
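The source-to-sink review described above, as an added example that is not part of the original page: a small audit helper that scans a page's JavaScript for variables derived from window.location.* and flags the lines where they reach a sink such as innerHTML, document.write() or eval(), plus the HTML-encoding step that mitigates the hash-to-page case. The SAMPLE_SCRIPT and the regular expressions are constructed for illustration and only cover straight-line code.

```javascript
// Added example (not the page's code): a line-by-line taint check for DOM XSS.
// Sources: attacker-controllable URL parts. Sinks: places where a string becomes HTML or code.
const SOURCE_RE = /\b(?:window\.)?location\.(?:hash|search|href)\b|\bdocument\.(?:URL|referrer)\b/;
const SINK_RE = /\.(?:innerHTML|outerHTML)\s*=|\bdocument\.write(?:ln)?\s*\(|\beval\s*\(|\bsetTimeout\s*\(\s*["'`]/;
const ASSIGN_RE = /^\s*(?:var|let|const)?\s*([A-Za-z_$][\w$]*)\s*=/;

function mentions(name, text) {
  // Word-boundary match on an identifier; '$' is escaped so names like $x work.
  return new RegExp('\\b' + name.replace(/\$/g, '\\$') + '\\b').test(text);
}

// Returns one finding per sink line that is fed (directly or via a variable) from a source.
function findDomXssCandidates(source) {
  const tainted = new Set();
  const findings = [];
  source.split('\n').forEach((raw, i) => {
    const line = raw.trim();
    const assign = line.match(ASSIGN_RE);
    if (assign) {
      // Propagate taint: x = location.hash..., or y = f(x) where x is already tainted.
      const rhs = line.slice(assign[0].length);
      if (SOURCE_RE.test(rhs) || [...tainted].some(v => mentions(v, rhs))) tainted.add(assign[1]);
    }
    if (SINK_RE.test(line)) {
      const viaVar = [...tainted].filter(v => mentions(v, line));
      if (SOURCE_RE.test(line) || viaVar.length) {
        findings.push({ line: i + 1, text: line, via: viaVar[0] || 'location' });
      }
    }
  });
  return findings;
}

// Mitigation for the hash-to-page case: encode before building HTML (or use textContent).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Constructed sample: a page script that renders the section named in the URL hash.
const SAMPLE_SCRIPT = `
var section = decodeURIComponent(window.location.hash.slice(1));
var title = document.getElementById('title');
title.innerHTML = 'Viewing: ' + section;              // sink fed from location.hash
document.getElementById('safe').textContent = section; // textContent does not parse HTML
`;

findDomXssCandidates(SAMPLE_SCRIPT).forEach(f => console.log(`line ${f.line} via ${f.via}: ${f.text}`));
```

Any flagged line is only a candidate: confirm it by tracing the value in a debugger, since the helper does not follow data through function calls or object properties.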
