dom – Page 3 – WindowsTechs.com

prevent dom based – xss from js file in mvc

Posted on November 16, 2020 by 2766

I’m using a free template as a front end in my application and the main javascript file came out as a high risk as it’s vulnerable to a dom based cross site scripting.Is there a way to sanitize the javascript function inside a javascript f… Continue reading prevent dom based – xss from js file in mvc→

Does CSP mitigate against client prototype pollution XSS and DOM XSS?

Posted on October 28, 2020 by Machinexa2

DOM XSS and client prototype pollution-based XSS have one thing in common, we are modifying the pre-existing JavaScript code to popup an alert(1). Will CSP mitigate XSS in this case? Theoretically, JavaScript is already there and we aren’t… Continue reading Does CSP mitigate against client prototype pollution XSS and DOM XSS?→

How to Exploit DOM XSS? [closed]

Posted on July 19, 2020 by Ahmed

Is it exploitable or not?
Issue detail
The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location and passed to the wrap()’ function of JQuery via the following statement:
Turbolinks.Location.wra… Continue reading How to Exploit DOM XSS? [closed]→

Dom based Cross-Site Scripting (XSS) sources

Posted on May 4, 2020 by dev

Which are still relevant sources for Dom-based Cross-Site Scripting (XSS) in 2020?

Had a list of those:

document.URL, document.documentURI, document.location, location, location.href, location.search, location.hash, document.referer, win… Continue reading Dom based Cross-Site Scripting (XSS) sources→

Is this JavaScript mailto redirect vulnerable to XSS?

Posted on February 26, 2020 by m0chan

I am working on a XSS attack and I do not think it’s vulnerable after numerous hours of trying. However, a second opinion would be great.

DOM access between same-origin tabs [duplicate]

Posted on February 7, 2020 by Ronquam

Consider the following website. Page A (https://example.com/login) contains a login form and its password field has the attributes name and id set to “password”. Page B (https://example.com/vuln) has a XSS vulnerability that allows an atta… Continue reading DOM access between same-origin tabs [duplicate]→

open redirection Dom Based

Posted on January 25, 2020 by Momo

I found a vulnerability related to open redirection DOM Based in an application using Burp Suite. How do I exploit manually to ensure it exist? Could not find any proper stuff on any blogs or videos

Details from Burp:

Issue detail the a… Continue reading open redirection Dom Based→

Potential DOM Based XSS?

Posted on January 10, 2020 by Jayson

I am currently working on exploiting a potential DOM based XSS on a web app. Currently all of my XSS attempts have been thwarted by Internet Explorers XSS auditor, even after disabling it. While investigating I noticed that t… Continue reading Potential DOM Based XSS?→

Is this javascript vulnerable to dom based XSS?

Posted on November 22, 2019 by Pong

I was testing example.com and i found a js reflection point. If i send the following request:

https://example.com/?token=test%22test=”‘-confirm(1)-‘

I can see the following in server response:

Is Dom based XSS still a valid security concern in modern browsers?

Posted on October 20, 2019 by Ilya Chernomordik

I am trying to understand how DOM based XSS work, e.g. from this post, I managed to reproduce it in IE11, but e.g. Chrome and Firefox are immune at least against this exact example.

What happens is that document.baseURI and … Continue reading Is Dom based XSS still a valid security concern in modern browsers?→