Document Object Model (DOM) Injection


Overview

DOM Injection may occcur when the web page uses DOM manipulation to update the HTML of the page in response to user input. This is typically done using JavaScript.

YouTubeVideo Tutorials

Discovery Methodology

Locate pages which use DOM manipulation to update the page without returning to the server. This can often be detected when a client proxy such as Burp does NOT intercept a request when a page updates.

Exploitation

Inject the field or event from which the page will be updated and inject HTML or JavaScript into the field or event.

Example

Use Firebug or similar to examine the message that appears when a new item is added to storage. The message appears in a label below the two input fields. Inject XSS into the "key" field. This is output into the message. Craft a XSS to read the DOM storage or perform other action.

Videos


YouTubeCross-Site Scripting Explained - Part 7: HTML Events