dom-based-xss.md +15 −15 Original line number Diff line number Diff line ## DOM-based XSS In DOM-based XSS the malicious code is never sent to the server. The injection-point is somewhere where javascript has access. The typical example of how this works is with URLs. Loading @@ -25,10 +23,7 @@ So in order to inject and execute a DOM-based XSS we need a injection-point \(ca In the example above `document.URL` is our source. Example of other sources are: ``` document.URL document.documentURI document.URLUnencoded (IE 5.5 or later Only) Loading @@ -43,14 +38,8 @@ In the example above `document.URL` is our source. Example of other sources are: document.referrer ``` ### Sinks ``` eval setTimeout Loading @@ -67,15 +56,26 @@ anyTag.onEventName ### Finding it To find DOM-based XSS you will need to check out the code. ## References If the javascript code is bundled and minified you can use js\_beautify to make it readble again. https://github.com/wisec/domxsswiki/wiki/location,-documentURI-and-URL-sources ``` sudo apt-get install libjavascript-beautifier-perl # then invoke js_beautify ``` ## References [https://github.com/wisec/domxsswiki/wiki/location,-documentURI-and-URL-sources](https://github.com/wisec/domxsswiki/wiki/location,-documentURI-and-URL-sources)
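Review bot: In the @@ -25,10 +23,7 @@ hunk, the list introduced as "other sources" begins with `document.URL`, which the sentence just before it already names as the source used in the example. Either drop that first entry or reword the lead-in so it introduces the full list of sources; "Example of other sources are:" should also read "Examples of other sources are:". The "(IE 5.5 or later Only)" remark sits inside the code fence next to `document.URLUnencoded`, so it reads as part of the property name; moving it to the prose outside the fence would keep the block copyable.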
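Review bot: In the @@ -67,15 +56,26 @@ hunk, the new sentence under "Finding it" has a typo ("readble" should be "readable"), and the code block stops at the comment "# then invoke js_beautify" without showing the invocation. Suggest replacing that comment with the actual command line run against a bundled file, and writing the tool name as inline code rather than "js\_beautify" so the escaped underscore does not leak into the rendered text. "To find DOM-based XSS you will need to check out the code" does not say what to look for; one more sentence telling the reader to search the beautified output for the sources and sinks listed earlier in the file would connect this section to the rest of the page.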