Have you ever wondered how hackers find bugs on websites? What does it take to hunt for bugs and responsibly disclose them? In this article, we will focus mainly on a single bug class, DOM-based XSS (cross-site scripting), which is found very often on web pages.
This XSS bug alone has paid out 4.2 million dollars to hackers on the HackerOne platform, according to 2020 statistics.
After reading this article, you will be able to find this bug faster, understand how it is attacked in a real-world scenario, and know which tools to use.
Security Measures by the Browser
The Same-Origin Policy (SOP) is a security measure enforced by the browser. Under it, one web page cannot access data from another web page; access is possible only if both pages have the same origin.
An origin consists of the URI scheme, the domain, and the port number. This measure blocks a malicious script on one page from reading sensitive data from another page's DOM. XSS poses a serious threat to this security mechanism because the injected script runs with the origin of the vulnerable page itself.
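To make the three components of an origin concrete, here is a small added example (not code from the article) that derives an origin from a URL with the standard URL class and compares two URLs the way the Same-Origin Policy does; the sample URL pairs are constructed for illustration.

```javascript
// Default ports per scheme: the URL class leaves u.port empty when the URL
// uses its scheme's default port, so "http://a.com" and "http://a.com:80"
// normalize to the same origin.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Canonical origin string: scheme + host + port. Path, query and fragment
// are deliberately ignored; they play no part in the origin.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

// Two URLs share an origin only if scheme, host and port all match.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Constructed sample pairs with the expected SOP verdict for each.
const SAMPLES = [
  ["https://example.com/page1", "https://example.com/page2", true],  // only the path differs
  ["http://example.com", "http://example.com:80/x", true],           // default port written out
  ["https://example.com", "http://example.com", false],              // scheme differs
  ["https://example.com", "https://example.com:8443", false],        // port differs
  ["https://example.com", "https://app.example.com", false],         // subdomain is a different host
];

// Returns true when every sample pair gets the expected verdict.
function checkSamples() {
  return SAMPLES.every(([a, b, expected]) => sameOrigin(a, b) === expected);
}

for (const [a, b] of SAMPLES) {
  console.log(`${a}  vs  ${b}  ->  same origin: ${sameOrigin(a, b)}`);
}
```

The last pair is the one that surprises people most: a script on app.example.com is a different origin from example.com, so it cannot read the parent domain's DOM, but a DOM-based XSS on example.com itself runs inside that origin and is not stopped by the SOP.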
DOM [Document Object Model] Based Attack Vector
What is DOM?
Imagine a blueprint or map for a house. The HTML we see on websites is like this blueprint. The DOM is like a dynamic, interactive version of the blueprint.
We can make changes like rearranging furniture in the house or adding new items without altering the original blueprint.
Likewise, the DOM (Document Object Model) allows you to manipulate and interact with the structure of the webpage. It does not modify the underlying HTML code. The following diagram explains how DOM is structured like a tree.
Example of DOM manipulation: we can change the content of an element using its ID.
// HTML: <p id="demo">Hello, World!</p>
document.getElementById("demo").innerHTML = "Welcome to the DOM!";