<html>
<head>
  <title>Custom Dashboard </title>
  ...
</head>
Main Dashboard for
<script>
  var pos=document.URL.indexOf("context=")+8;
  document.write(document.URL.substring(pos,document.URL.length));
</script>
...
</html>
Here is how a DOM-based XSS attack can be performed for this web application:
1) The attacker embeds a malicious script in the URL: "http://www.example.com/userdashboard.html#context=SomeFunction(somevariable)".
2) The victim’s browser receives this URL, sends an HTTP request to http://www.example.com, and receives the static HTML page.
3) The browser starts building the DOM of the page and populates the document.URL property with the URL from step 1.
4) The browser parses the HTML page, reaches the script, and runs it, extracting the malicious content from the document.URL property.
5) The browser updates the raw HTML body of the page to contain: Main Dashboard for SomeFunction(somevariable).
DOM-based XSS attacks are dangerous because the attacker does not have to alert the server in order to insert the code. The server has detection methods that will notice other types of XSS attacks, but they do not come into play here. Prevention of this type of attack therefore relies on protecting and sanitizing the client-side code.
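One way to apply that client-side protection to the dashboard page, as an added example rather than code from the original page: the context value is read from the URL fragment, checked against an allow-list, and written with textContent instead of document.write(). The function names, the allow-list pattern and the "Unknown" fallback are assumptions.

```javascript
// Added example, not the original page's code. All names here are hypothetical.

// Read the "context" value from the URL fragment, e.g. "#context=Sales".
// URLSearchParams percent-decodes the value, so checks run on the real text.
function getContext(urlString) {
  const fragment = new URL(urlString).hash.slice(1); // text after '#'
  const value = new URLSearchParams(fragment).get("context");
  return value === null ? "" : value;
}

// Assumed allow-list: a dashboard name is 1-32 letters, digits, spaces, '_' or '-'.
const CONTEXT_PATTERN = /^[A-Za-z0-9 _-]{1,32}$/;

// Return the value only if it matches the allow-list, otherwise a fixed fallback.
function safeContext(urlString) {
  const value = getContext(urlString);
  return CONTEXT_PATTERN.test(value) ? value : "Unknown";
}

// For code paths that must build an HTML string: encode the characters that
// would let a value break out of a text context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Write the heading through textContent, which never parses its input as markup.
function renderHeading(element, urlString) {
  element.textContent = "Main Dashboard for " + safeContext(urlString);
  return element.textContent;
}

// In the page itself (element id "heading" is an assumption):
//   renderHeading(document.getElementById("heading"), document.URL);
```

The allow-list is the primary control; escapeHtml() is only a fallback for places where textContent cannot be used.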
Successful XSS attacks can allow the attacker to gain access to the user's data and perform actions in place of the user. If the attacked user has privileged access, the attacker can gain even more control over the website.