DOM-based

Controlling the web-message source

In this section, we'll look at how web messages can be used as a source to exploit DOM-based vulnerabilities on the recipient page. We'll also describe how such an attack is constructed, including how common origin-verification techniques can often be bypassed.

If a page handles incoming web messages in an unsafe way, for example, by not verifying the origin of incoming messages correctly in the event listener, properties and functions that are called by the event listener can potentially become sinks. For example, an attacker could host a malicious iframe and use the postMessage() method to pass web message data to the vulnerable event listener, which then sends the payload to a sink on the parent page. This behavior means that you can use web messages as the source for propagating malicious data to any of those sinks.

What is the impact of DOM-based web-message vulnerabilities?

The potential impact of the vulnerability depends on the…


DOM-based Ajax request-header manipulation

In this section, we'll look at what DOM-based Ajax request-header manipulation is, talk about the potential impact of this kind of attack, and suggest ways to reduce your exposure to Ajax request-header manipulation vulnerabilities.

What is DOM-based Ajax request-header manipulation?

Using Ajax enables a website to make asynchronous requests to the server so that web applications can dynamically change content on the page without the need to reload the entire page. However, Ajax request-header manipulation vulnerabilities arise when a script writes attacker-controllable data into the request header of an Ajax request that is issued using an XMLHttpRequest object. An attacker may be able to use this vulnerability to construct a URL that, if visited by another user, will set an arbitrary header in the subsequent Ajax request. This can then be used as a starting point to chain together with other kinds of attack, thereby increasing the potential severity of this vulnerability.

What is the…


DOM clobbering

In this section, we will describe what DOM clobbering is, demonstrate how you can exploit DOM vulnerabilities using clobbering techniques, and suggest ways you can reduce your exposure to DOM clobbering attacks.

What is DOM clobbering?

DOM clobbering is a technique in which you inject HTML into a page to manipulate the DOM and ultimately change the behavior of JavaScript on the page. DOM clobbering is particularly useful in cases where XSS is not possible, but you can control some HTML on a page where the attributes id or name are whitelisted by the HTML filter. The most common form of DOM clobbering uses an anchor element to overwrite a global variable, which is then used by the application in an unsafe way, such as generating a dynamic script URL. The term clobbering comes from the fact that you are "clobbering" a global variable or property of an object and overwriting it with a DOM…


DOM-based denial of service

In this section, we'll describe DOM-based denial-of-service vulnerabilities, look at which sinks can lead to this kind of vulnerability, and discuss ways to reduce your exposure to DOM-based DoS attacks.

What is DOM-based denial of service?

DOM-based denial-of-service vulnerabilities arise when a script passes attacker-controllable data in an unsafe way to a problematic platform API, such as an API whose invocation can cause the user's computer to consume excessive amounts of CPU or disk space. This may result in side effects if the browser restricts the functionality of the website, for example, by rejecting attempts to store data in localStorage or killing busy scripts.

Which sinks can lead to DOM-based denial-of-service vulnerabilities?

The following are some of the main sinks that can lead to DOM-based denial-of-service vulnerabilities:

requestFileSystem()
RegExp()

How to prevent DOM-based denial-of-service vulnerabilities

In addition to the general measures described on the DOM-based vulnerabilities page, you should avoid allowing data from any untrusted…


DOM-data manipulation

In this section, we'll look at what DOM-data manipulation is, discuss the potential impact of this kind of attack, and look at ways to reduce your exposure to DOM-data manipulation vulnerabilities.

What is DOM-data manipulation?

DOM-data manipulation vulnerabilities arise when a script writes attacker-controllable data to a field within the DOM that is used within the visible UI or client-side logic. An attacker may be able to use this vulnerability to construct a URL that, if visited by another user, will modify the appearance or behavior of the client-side UI. DOM-data manipulation vulnerabilities can be exploited by both reflected and stored DOM-based attacks.

What is the impact of DOM-data manipulation?

At the lesser end of the scale, an attacker may be able to leverage this vulnerability to perform virtual defacement of the website, such as changing text or images that are displayed on a particular page. However, attacks can be more severe. For example, if…


DOM-based client-side JSON injection

In this section, we'll describe client-side JSON injection as related to the DOM, look at how damaging such an attack could be, and suggest ways to reduce your exposure to this kind of vulnerability.

What is DOM-based JSON injection?

DOM-based JSON-injection vulnerabilities arise when a script incorporates attacker-controllable data into a string that is parsed as a JSON data structure and then processed by the application. An attacker may be able to use this behavior to construct a URL that, if visited by another user, will cause arbitrary JSON data to be processed.

What is the impact of a DOM-based JSON-injection attack?

Depending on the purpose for which this data is used, it may be possible for an attacker to subvert the website's logic, or cause unintended actions on behalf of another user.

Which sinks can lead to DOM-based JSON-injection vulnerabilities?

JSON.parse()
jQuery.parseJSON()
$.parseJSON()

How to prevent client-side JSON-injection vulnerabilities

In addition to the general…


DOM-based client-side XPath injection

In this section, we'll look at what DOM-based XPath injection is, discuss the potential impact of this kind of vulnerability, and suggest ways to reduce your exposure to them.

What is DOM-based XPath injection?

DOM-based XPath-injection vulnerabilities arise when a script incorporates attacker-controllable data into an XPath query. An attacker may be able to use this behavior to construct a URL that, if visited by another application user, will trigger the execution of an arbitrary XPath query, which could cause different data to be retrieved and processed by the website.

What is the impact of DOM-based XPath injection?

Depending on the purpose for which the query results are used, it may be possible for the attacker to subvert the website's logic or cause unintended actions on behalf of the user.

Which sinks can lead to XPath-injection vulnerabilities?

The following are some of the main sinks that can lead to DOM-based XPath-injection vulnerabilities:

document.evaluate()
element.evaluate()

How…


DOM-based HTML5-storage manipulation

In this section, we'll look at HTML5-storage manipulation using the DOM, point out potentially dangerous sinks that can be used as part of this kind of attack, and suggest ways to reduce your exposure to HTML5-storage manipulation.

What is DOM-based HTML5-storage manipulation?

HTML5-storage manipulation vulnerabilities arise when a script stores attacker-controllable data in the HTML5 storage of the web browser (either localStorage or sessionStorage). An attacker may be able to use this behavior to construct a URL that, if visited by another user, will cause the user's browser to store attacker-controllable data. This behavior does not in itself constitute a security vulnerability. However, if the application later reads data back from storage and processes it in an unsafe way, an attacker may be able to leverage the storage mechanism to deliver other DOM-based attacks, such as cross-site scripting and JavaScript injection.

Which sinks can lead to DOM-based HTML5-storage manipulation vulnerabilities?

The following are some of…


DOM-based client-side SQL injection

In this section, we'll discuss what DOM-based client-side SQL injection is, describe how an attacker can exploit this vulnerability, and suggest ways to reduce your exposure to this kind of attack.

What is DOM-based client-side SQL injection?

Client-side SQL injection vulnerabilities arise when a script incorporates attacker-controllable data into a client-side SQL query in an unsafe way. An attacker may be able to use this vulnerability to construct a URL that, if visited by another user, will execute an arbitrary SQL query within the local SQL database of the user's browser.

What is the impact of DOM-based client-side SQL injection?

The potential impact of the vulnerability depends on the website's usage of the SQL database. If the database is used to store sensitive data, such as messages on a social network, the attacker may be able to retrieve this data. If the database is used to store pending user actions, such as outgoing messages in…


DOM-based local file-path manipulation

In this section, we'll talk about what DOM-based local file-path manipulation is, look at the potential impact of an attack, highlight some of the sinks that can lead to this kind of vulnerability, and suggest ways that you can reduce your exposure.

What is DOM-based local file-path manipulation?

Local file-path manipulation vulnerabilities arise when a script passes attacker-controllable data to a file-handling API as the filename parameter. An attacker may be able to use this vulnerability to construct a URL that, if visited by another user, will cause the user's browser to open an arbitrary local file.

What is the impact of DOM-based local file-path manipulation?

The potential impact of this vulnerability depends on how the website uses the opened file:

If the website reads data from the file, the attacker may be able to retrieve this data.
If the website writes specific data to a sensitive file, the attacker may also be able to…


Web-message manipulation

In this section, we'll explain what web-message manipulation vulnerabilities are and suggest ways to reduce your exposure to them.

What is DOM-based web-message manipulation?

Web-message vulnerabilities arise when a script sends attacker-controllable data as a web message to another document within the browser. An attacker may be able to use the web-message data as a source by constructing a web page that, if visited by a user, will cause the user's browser to send a web message containing data that is under the attacker's control. For more information about using web messages as a source, please refer to the Controlling the web-message source page.

Which sinks can lead to DOM-based web-message manipulation vulnerabilities?

The postMessage() method for sending web messages can lead to vulnerabilities if the event listener for receiving messages handles the incoming data in an unsafe way.

How to prevent DOM-based web-message manipulation

In addition to the general measures described on the…
