Cross-Site Scripting (XSS) attacks are a type of injection, in which unauthorized code is injected into otherwise trusted websites. The unwanted content sent to the browser usually takes the form of a segment of JavaScript, but may also include HTML, Flash, or any other type of code that the browser may execute.
A DOM-based XSS attack is made possible by a web application writing data to the DOM without proper sanitization. HTML sanitization is the process of examining an HTML document and producing a new HTML document that preserves only the tags that are designated "safe" and desired. The attacker can manipulate this data so that it includes XSS content on the web page, for example malicious JavaScript code.
<html>
<head>
<title>Custom Dashboard </title>
...
</head>
Main Dashboard for
<script>
var pos=document.URL.indexOf("context=")+8;
document.write(document.URL.substring(pos,document.URL.length));
</script>
...
</html>
Here is how a DOM-based XSS attack can be performed for this web application:
1) The attacker embeds a malicious script in the URL: "http://www.example.com/userdashboard.html#context=SomeFunction(somevariable)".
2) The victim's browser receives this URL, sends an HTTP request to http://www.example.com, and receives the static HTML page.
3) The browser starts building the DOM of the page and populates the document.URL property with the URL from step 1.
4) The browser parses the HTML page, reaches the script, and runs it, extracting the malicious content from the document.URL property.
5) The browser updates the raw HTML body of the page to contain: Main Dashboard for SomeFunction(somevariable).
6) The browser finds the JavaScript code in the HTML body and executes it.
DOM-based XSS attacks are dangerous because the injected code never reaches the server: the payload travels in the URL fragment and is processed entirely by client-side script. Server-side detection methods that would notice other types of XSS attacks therefore see nothing. Prevention for this type of attack relies on protecting and sanitizing the client-side code, in particular how untrusted data from sources such as document.URL reaches sinks such as document.write.
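The following is an added example, not code from the original page: the dashboard's document.URL-to-document.write pattern is reproduced as a plain function beside a hardened version that parses the fragment as data and either HTML-escapes the value or writes it as a text node. The helper names and the sample URLs are assumptions chosen for a local run.

```javascript
// Vulnerable: mirrors the page's script. The raw fragment is sliced out of the
// URL and handed to an HTML sink (document.write), so any markup in the URL is
// parsed as markup. Whether document.URL still carries raw angle brackets
// depends on the browser's URL serializer; the defect is the sink, not the encoding.
function renderUnsafe(url) {
  const pos = url.indexOf("context=") + 8;
  return "Main Dashboard for " + url.substring(pos);
}

// Fix, step 1: treat the URL as data. Parse the fragment with URLSearchParams
// instead of string slicing, so "context" is read as a proper key/value pair
// and percent-decoded in one well-defined way.
function extractContext(url) {
  const fragment = new URL(url).hash.replace(/^#/, "");
  const value = new URLSearchParams(fragment).get("context");
  return value === null ? "" : value;
}

// Fix, step 2: if the value must land in an HTML string, escape the characters
// the HTML parser acts on, so the browser renders them as text.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(url) {
  return "Main Dashboard for " + escapeHtml(extractContext(url));
}

// Preferred in the browser: write a text node rather than HTML at all.
// textContent never invokes the HTML parser, so no escaping is needed.
function renderToElement(el, url) {
  el.textContent = "Main Dashboard for " + extractContext(url);
  return el.textContent;
}

// Constructed sample URLs (hypothetical host, no real site).
const benignUrl = "http://www.example.com/userdashboard.html#context=alice";
const hostileUrl =
  "http://www.example.com/userdashboard.html#context=<script>SomeFunction(somevariable)</script>";
```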
Successful XSS attacks can allow the attacker to gain access to the user's data and perform actions on behalf of the user. If the attacked user has privileged access, the attacker can gain even more control over the website.