DOM, Duh-DOM DOM DOM!!
DOM-based XSS should inspire fear and panic in ill-prepared or unprotected web application environments and the teams responsible. As we discussed in Chapter 6, Infiltrating Sessions via Cross-Site Scripting, most XSS attacks exploit a lack of input validation to insert scripts (typically JavaScript) to impact how clients interpret or interact with the site. DOM-based attacks are a subset of those that impact the client's browser, where the DOM resides, to maintain its local view of what the application is doing and presenting. By embedding scripts, users can of course impact the behavior of the client, but the variety of goals and objectives is staggering, and the tool's robust (the Browser Exploit Framework (BeEF ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access