1. What is the DOM?
The Document Object Model (DOM) is a web browser's hierarchical representation of the elements on the page. DOM-based vulnerabilities arise when client-side script takes an attacker-controllable value, known as a source, and passes it to a dangerous function, known as a sink.
2. What is DOM-based cross-site scripting (XSS)?
DOM-based XSS arises when a source is passed into a sink that supports dynamic code execution, such as eval().
3. How to Exploit DOM-Based XSS
The most common source for DOM XSS is the URL, which is typically accessed with the window.location object. An attacker can construct a link to send a victim to a vulnerable page with a payload in the query string and fragment portions of the URL. In some cases, such as a 404 page or a website running PHP, the payload can also be placed in the path.
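The source-to-sink flow described above, written as an added example (not code from the original page or from any lab): a parameter is read from the query string or fragment of a URL, then written to the page once vulnerably through innerHTML and twice in hardened form. The element stand-in and the parameter name are constructed for the example so it runs outside a browser; in a page the same functions would be called with window.location.href and a real element.

```javascript
// Read a parameter from either the query string or the fragment of a URL.
// Both parts are attacker-controllable when the attacker crafts the link;
// the fragment is never sent to the server, so server-side filtering cannot see it.
function readParam(url, name) {
  const u = new URL(url);
  const fromQuery = u.searchParams.get(name);
  if (fromQuery !== null) return fromQuery;
  const frag = new URLSearchParams(u.hash.replace(/^#/, ''));
  return frag.get(name);
}

// Minimal element stand-in (constructed for the example) so the code runs in Node as well as a browser.
function makeElement() { return { innerHTML: '', textContent: '' }; }

// VULNERABLE: the untrusted string flows into innerHTML, a sink that parses markup.
function renderUnsafe(el, value) {
  el.innerHTML = 'Results for ' + value;
  return el.innerHTML;
}

// HARDENED 1: textContent creates text nodes only; markup in the value is never parsed.
function renderSafe(el, value) {
  el.textContent = 'Results for ' + value;
  return el.textContent;
}

// HARDENED 2: if HTML assembly is unavoidable, encode the HTML metacharacters first.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[c]);
}
function renderEscaped(el, value) {
  el.innerHTML = 'Results for ' + escapeHtml(value);
  return el.innerHTML;
}

// Typical wiring in a page (browser only): the URL is the source, the element is the sink.
if (typeof window !== 'undefined') {
  const q = readParam(window.location.href, 'q'); // 'q' is an assumed parameter name
  const out = document.getElementById('results') || makeElement(); // assumed element id
  renderSafe(out, q === null ? '' : q);
}
```

When reviewing a script for DOM XSS, the question to ask of every sink is the one these three functions illustrate: does the value reach a parser (innerHTML, document.write, eval) unmodified, or is it confined to a text-only API or encoded first?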
We have found a script that contains an addEventListener() call that listens for the message event.
2. Store the payload below in the exploit server's body and click "Deliver it to the victim". Make sure to add your lab ID to the payload.
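A message listener is itself a source, since any window that can obtain a reference to the page can call postMessage on it. The following is an added example, not the lab's script or the lab payload: a hardened handler that checks event.origin against an allowlist, requires a structured message, and hands the value only to a text-only sink. The origins, the message shape and the element id are assumed values constructed for the example; the handler is built by a factory so it can be exercised with plain event-like objects outside a browser.

```javascript
// Origins allowed to post messages to this page (constructed values for the example).
const TRUSTED_ORIGINS = ['https://app.example', 'https://widget.example'];

// Returns a handler for window.addEventListener('message', ...).
// `sink` is whatever writes to the page; it only ever receives a validated string,
// and the handler never passes event.data to eval(), innerHTML or location.
function makeMessageHandler(trustedOrigins, sink) {
  return function onMessage(event) {
    // 1. Reject any sender whose origin is not on the allowlist.
    if (!trustedOrigins.includes(event.origin)) {
      return { accepted: false, reason: 'untrusted origin' };
    }
    // 2. Require a structured message of a known shape, not an arbitrary string.
    const data = event.data;
    if (typeof data !== 'object' || data === null ||
        data.type !== 'status' || typeof data.text !== 'string') {
      return { accepted: false, reason: 'malformed message' };
    }
    // 3. Hand the value to a text-only sink.
    sink(data.text);
    return { accepted: true, reason: 'ok' };
  };
}

// Element stand-in (constructed for the example); textContent never parses markup.
function makeStatusElement() { return { textContent: '' }; }

// Wiring as it would appear in a page (browser only); 'status' is an assumed element id.
if (typeof window !== 'undefined') {
  const status = document.getElementById('status') || makeStatusElement();
  window.addEventListener('message',
    makeMessageHandler(TRUSTED_ORIGINS, t => { status.textContent = t; }));
}
```

The origin check is the one a reviewer should look for first: a listener that reads event.data without consulting event.origin accepts input from any page that has opened or framed the vulnerable one.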