Web For Pentester – What is DOM Based XSS Example 9


Introduction :-

Hello friends, how are you doing? This is Osama, and in this post I will be covering the last Cross Site Scripting example of our Web For Pentester series.

Finally, it is over 😀 Next up is MySQL injection, which is a really interesting topic to cover.

As we move forward in this course, the challenges provided in the lab get harder and more interesting to solve. They are a fun way to learn more about your own skills and about how web applications work.

If you haven't seen the previous examples we solved, here are the references to those posts: Example-1, Example-2, Example-3, Example-4, Example-5, Example-6, Example-7 and Example-8.

Being able to find these kinds of vulnerabilities in web applications is one of the most important skills in ethical hacking and penetration testing. It leads to better web penetration tests and good results to show in your reports.

Explanation :-

This last example is a DOM XSS example. Since many of you may not know what DOM Cross Site Scripting is, the first question you probably have is: what is DOM Based XSS?

DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.

This is in contrast to other XSS attacks (stored or reflected), wherein the attack payload is placed in the response page (due to a server side flaw).

Please note research from David Wichers seeking to reclassify DOM XSS more strictly as CLIENT SIDE XSS. https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting#DOM_Based_XSS_.28AKA_Type-0.29

That is the best definition of DOM based XSS. One thing I want to make clear is that while testing for DOM XSS you should test in different web browsers and browser versions, because whether the payload executes depends on the browser.

Testing Tools and Techniques

Minded Security has been doing some significant research into DOM based XSS. They are working on two projects to help with DOM Based XSS:

1. The DOMinator Tool – A commercial tool based on the Firefox browser with a modified SpiderMonkey JavaScript engine that helps testers identify and verify DOM based XSS flaws.

See: https://dominator.mindedsecurity.com/ (https://github.com/wisec/DOMinator for the open source part)

2. The DOM XSS Wiki – The start of a knowledge base defining sources of attacker-controlled input and sinks which could potentially introduce DOM Based XSS issues. It is very immature as of 11/17/2011. Please contribute to this wiki if you know of more dangerous sinks and/or safe alternatives!

See: http://code.google.com/p/domxsswiki/

3. DOM Snitch – An experimental Chrome extension that enables developers and testers to identify insecure practices commonly found in client-side code. From Google.

See: http://code.google.com/p/domsnitch/

These are the most useful tools developed for testing for DOM Based XSS, so do check them out; they are of great help as you advance in this area.

For more information on this you can check out the OWASP site.

Example :-

In the last challenge, the page's existing JavaScript looks for the anchor (#) in the URL and writes what follows it into the page. This can be exploited by placing the XSS payload in the URL after the anchor.

http://[yourlab]/xss/example9.php#<your payload>

This kind of payload usually works best with DOM based XSS.

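To make the mechanism concrete, here is an added example (not the lab's own example9.php code, whose exact script is not reproduced here) that models the unsafe "write the fragment into the page" pattern beside its hardened form, using a pure-string model so it runs without a browser. The host lab.example is a placeholder, and the fragment used is a constructed, harmless one.

```javascript
// Added example, not the lab's or the post's own code. Models a page that copies
// the URL fragment (the part after '#') into the document, the unsafe way and
// the safe way, so the difference can be checked without a browser.

// What a browser hands the script as location.hash, modelled with Node's WHATWG
// URL parser. Modern browsers percent-encode '<' and '>' in the fragment, which
// is one reason DOM XSS behaviour differs between browsers and versions.
function fragmentOf(pageUrl) {
  const raw = new URL(pageUrl).hash.replace(/^#/, "");
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw; // malformed %-escape: keep the raw text rather than throw
  }
}

// Unsafe sink: the fragment is concatenated into markup, e.g.
//   document.write("Welcome " + fragment)   or   el.innerHTML = "..." + fragment
// Any tags inside the fragment are parsed by the browser. Note that the HTTP
// response never changes: the fragment is not even sent to the server.
function unsafeRender(fragment) {
  return "Welcome " + fragment;
}

// Hardened sink: the fragment is treated as text. In a real page use
//   el.textContent = "Welcome " + fragment
// which needs no escaping; this string version shows the equivalent result.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function safeRender(fragment) {
  return "Welcome " + escapeHtml(fragment);
}

// Review check: does the rendered output still contain anything the HTML
// parser would treat as the start of a tag?
function containsTag(html) {
  return /<[a-zA-Z\/!]/.test(html);
}

// Demo with a constructed, harmless fragment; lab.example is a placeholder host.
const demoUrl = "http://lab.example/xss/example9.php#<b>injected</b>";
const frag = fragmentOf(demoUrl);
console.log(unsafeRender(frag), containsTag(unsafeRender(frag))); // Welcome <b>injected</b> true
console.log(safeRender(frag), containsTag(safeRender(frag)));     // Welcome &lt;b&gt;injected&lt;/b&gt; false
```

The same check applies to any client-side sink that turns a URL-derived string into markup; switching the sink to textContent is the fix, not filtering the fragment.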
Here is the video of the example with the explanation.

There we have all the XSS examples from Web for Pentester I. Tune in next time for some of the other examples.
