What is DOM XSS
DOM-based XSS is a type of XSS in which the vulnerability lies in the client-side code of the web application rather than in the server-side code. The malicious payload is written into the Document Object Model (DOM) of the page by the application's own JavaScript, rather than being sent to the server as part of a request and reflected back in the response.
Finding DOM-based XSS vulnerabilities can be more challenging than finding server-side XSS vulnerabilities, because the malicious payload is not sent to the server, so server-side input validation and logging never see it. However, there are still some steps you can take to find DOM-based XSS vulnerabilities in a web application.
There are several types of DOM-based XSS vulnerabilities that can occur in a web application. Some common types of DOM-based XSS include:
- Reflected DOM-based XSS: This type of vulnerability occurs when user input is reflected in the DOM without being properly validated or sanitized. For example, if a web application includes a search feature that displays the search query in the results page, an attacker could inject a malicious payload into the search query and have it executed when the results page is loaded.
- Persistent DOM-based XSS: This type of vulnerability occurs when user input is stored in the DOM and then displayed to other users without being properly validated or sanitized. For example, if a web application includes a forum feature where users can post messages, an attacker could inject a malicious payload into a message and have it executed whenever the message is displayed to other users.
- DOM-based XSS through event handlers: This type of vulnerability occurs when user input is used to set the value of an event handler in the DOM, such as an onclick event. An attacker could inject a malicious payload into the event handler, which would be executed whenever the event is triggered.
Here are some tips for finding DOM-based XSS vulnerabilities:
- Look for user input that is used to modify the DOM: Any time user input is used to modify the DOM, there is a potential for DOM-based XSS. This includes cases where user input is used to set the value of a DOM element, create a new DOM element, or modify the attributes of a DOM element.
- Test for DOM-based XSS using input that includes special characters: Special characters such as <, >, and & can be used to break out of HTML tags and inject malicious code into the DOM. Try entering special characters into input fields to see if they are properly escaped or encoded.
- Use a web application security scanner: There are many tools available that can help you find DOM-based XSS vulnerabilities. These tools work by crawling the web application and looking for areas where user input is used to modify the DOM.
- Manually review the client-side code: If you have access to the client-side code of the web application, you can manually review it for potential DOM-based XSS vulnerabilities. Look for areas where user input is used to modify the DOM, and try to identify any areas where input validation is missing or inadequate.
- Use a browser extension: There are several browser extensions available that can help you find DOM-based XSS vulnerabilities. These extensions work by highlighting areas of the DOM that are modified by user input, and by providing alerts when malicious input is detected.
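As an added example (not code from the original article), the reflected search case above and the manual-review tip, in runnable form: the query is read from the page URL (a DOM source) and written into a results element, once unsafely through innerHTML and once with the value HTML-encoded first. A small helper lists any tag names in the rendered markup that were not part of the fixed template, which is the kind of check you make when reviewing client-side code. The URL, element object and payload are constructed for the demo.

```javascript
// Escape the characters that let untrusted text break out of an HTML text node or attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// DOM source: the search term from the page URL (location.href in a real browser).
function getQuery(href) {
  return new URL(href).searchParams.get('q') ?? '';
}

// VULNERABLE: the untrusted query is concatenated into innerHTML, a sink that parses
// markup, so any tag in the query becomes part of the page. `el` stands in for a DOM element.
function renderVulnerable(el, href) {
  el.innerHTML = '<p>Results for: ' + getQuery(href) + '</p>';
  return el.innerHTML;
}

// HARDENED: the untrusted value is encoded before it reaches the sink, so '<' can never
// open a tag. (Setting el.textContent on a dedicated element is the simpler fix in a real
// page; encoding is shown here because the result is inspectable as a string.)
function renderHardened(el, href) {
  el.innerHTML = '<p>Results for: ' + escapeHtml(getQuery(href)) + '</p>';
  return el.innerHTML;
}

// Review helper: tag names present in `html` that are not part of the fixed template.
// A non-empty result means user input changed the structure of the DOM.
function unexpectedTags(html, allowed = ['p']) {
  const found = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)) found.add(m[1].toLowerCase());
  return [...found].filter((t) => !allowed.includes(t));
}

// Constructed probe: a classic test string carried in the query parameter.
const DEMO_HREF = 'https://example.test/search?q=<img src=x onerror=alert(1)>';
console.log('vulnerable ->', unexpectedTags(renderVulnerable({}, DEMO_HREF)));
console.log('hardened   ->', unexpectedTags(renderHardened({}, DEMO_HREF)));
```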
Here Are Some Labs to Practice
1. DOM-based vulnerabilities By PortSwigger
2. DOM-XSS By Attackdefence
3. Google XSS Game
4. alert(1) to win
5. prompt(1) to win
6. XSS Challenges by yamagata21
7. XSS Challenges by nopernik
8. XSS Polyglot Challenge
9. Vulnweb by Acunetix
10. OWASP WebGoat Project
Here Are Some Bug Bounty Reports
1. H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing
2. Multiple DOMXSS on Amplify Web Player
3. Persistent DOM-based XSS in https://help.twitter.com via localStorage
4. [parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/
5. DOM Based XSS in mycrypto.com