Before getting into DOM XSS, let's first get to know the DOM. What is the DOM?
DOM stands for Document Object Model. It is the tree the browser builds in memory when it parses an HTML document: every element, attribute and run of text becomes a node with a parent and children, so the HTML code ends up as a kind of family tree. JavaScript on the page reads and modifies that tree, and the browser renders whatever the tree contains, whether the site put it there or an attacker did.
For an introduction to XSS in general, read the earlier post on it.
In the case of DOM-based XSS, the payload is injected through this DOM rather than by the server: JavaScript already running on the page reads attacker-controlled input from a source such as location.search, location.hash or document.referrer and writes it into a sink such as document.write, innerHTML or eval. The server may never see the payload at all (anything after # in the URL is not even sent to it), so server-side filters and logs do not catch this kind of XSS.
Example: DVWA, DOM XSS, Level: Low
There is a language selection feature; let's check the script behind it.
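To make the source-to-sink flow concrete, here is an added example (my own Node.js model, not DVWA's source) of the pattern behind the low-level language selector. It assumes, as I read the page, that the script takes everything after "default=" in the URL and hands it to document.write inside an <option>, so the value never touches the server. The DVWA path and the language list in the constructed URL are assumptions.

```javascript
// Added example (not DVWA's own source): a Node.js model of the DOM XSS on
// DVWA's language selector at the low level. Assumed behaviour: the page's
// script takes everything after "default=" in the URL and passes it to
// document.write inside an <option>. Source: the URL. Sink: the HTML string
// that document.write would render.

// Vulnerable pattern: build the <option> straight from the raw URL.
function vulnerableOptionHtml(href) {
  const idx = href.indexOf("default=");
  if (idx === -1) return null;
  const lang = href.substring(idx + "default=".length);
  // decodeURI turns %3C and %3E back into < and >, so a percent-encoded
  // payload is written into the page as live markup.
  return "<option value='" + lang + "'>" + decodeURI(lang) + "</option>";
}

// Hardened version: parse the URL properly and accept only known languages.
// The untrusted value is never written out; only an allowlisted constant is.
const ALLOWED_LANGS = ["English", "French", "Spanish", "German"]; // assumed list

function safeOptionHtml(href) {
  let lang = null;
  try {
    lang = new URL(href).searchParams.get("default");
  } catch (e) {
    // Malformed URL: treat it as no selection at all.
  }
  if (!ALLOWED_LANGS.includes(lang)) lang = "English"; // fallback, never the input
  return "<option value='" + lang + "'>" + lang + "</option>";
}

// Constructed test URL (assumed DVWA path) carrying the classic payload,
// percent-encoded the way a browser sends it.
const PAYLOAD_URL =
  "http://127.0.0.1/vulnerabilities/xss_d/?default=%3Cscript%3Ealert(1)%3C/script%3E";

// Side-by-side result for the same URL.
function demo() {
  return {
    vulnerable: vulnerableOptionHtml(PAYLOAD_URL),
    hardened: safeOptionHtml(PAYLOAD_URL),
  };
}

console.log(demo());
```

Run it with node and compare the two strings: the vulnerable build contains a complete <script> element that the browser would execute as soon as document.write inserts it, while the hardened build emits English because the payload is not in the allowlist. The allowlist is the right fix here because the set of valid values is tiny; where free text must be shown, encode it for the HTML context or write it with textContent instead of document.write or innerHTML.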
Having briefly discussed XSS above, even if it was a bit messy, it is now time to discuss how to prevent this bug from existing on our website.
XSS runs because the browser renders whatever markup it receives, including a <script> tag (or an event-handler attribute such as onerror) that arrived inside user input; the browser has no way to tell the site's own HTML from injected HTML. So the job is to make sure user input reaches the browser as text, not as markup. But don't worry, we're not going to mess with the browser: just a little handling before user input is displayed. Encode the input for the context it is inserted into (HTML entities for HTML body text and attribute values, different encoders for JavaScript, URL and CSS contexts), do it at output time rather than at input time, and on the client side write values with textContent instead of innerHTML or document.write. Where the set of valid values is small, such as a list of languages, a strict allowlist is simpler and safer still.
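The "little handling before display" is output encoding. The following is an added example of my own, not code from the original post: a comment box rendered once with raw concatenation and once with every untrusted value entity-encoded for the HTML context it lands in. The sample name and comment are constructed inputs; the attribute-breakout name shows why the attribute context needs quotes encoded too.

```javascript
// Added example, not code from the original post. Output encoding applied to
// user input right before it is placed into an HTML page, so the browser
// renders it as text instead of parsing it as markup. Run with Node.js.

// Entity-encode a value for HTML body text and double-quoted attribute values.
// This encoder is for those two contexts only; JavaScript, URL and CSS
// contexts need their own encoders.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed user inputs: a display name that tries to break out of an
// attribute, and a comment body carrying a script tag.
const SAMPLE_NAME = 'bob" onmouseover="alert(document.cookie)';
const SAMPLE_COMMENT = "nice post <script>alert(1)</script>";

// Before: raw concatenation. The name closes the title attribute and adds an
// event handler; the comment becomes a live <script> element.
function renderCommentUnsafe(name, comment) {
  return '<div class="comment" title="' + name + '">' + comment + "</div>";
}

// After: each untrusted value is encoded for the context it is inserted into
// (attribute value, then body text). The template's own tags are untouched.
function renderCommentSafe(name, comment) {
  return '<div class="comment" title="' + escapeHtml(name) + '">' +
    escapeHtml(comment) + "</div>";
}

// Crude but telling check: how many tag openers does the output contain?
// The template itself contributes exactly two (<div and </div).
function countTagOpeners(html) {
  return (html.match(/</g) || []).length;
}

console.log(renderCommentUnsafe(SAMPLE_NAME, SAMPLE_COMMENT));
console.log(renderCommentSafe(SAMPLE_NAME, SAMPLE_COMMENT));
```

The unsafe output carries four tag openers and a new onmouseover attribute; the safe output carries only the two the template wrote, because every < and " from the user is now an entity the browser shows literally. Note that encoding belongs at output time: the same stored comment may later be put into a JSON response or a JavaScript string, and each of those contexts needs its own encoding, which is why sanitising once on input is not enough.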
Background
From observing several IT groups that I follow, many people keep asking: Is XSS dangerous? How do you upload a webshell via XSS? Why is my XSS bug report not responded to? Is it because XSS is not dangerous, or maybe because the web admin is, you know what? More or less those are the questions that come up, so let's discuss together what the characteristics of XSS are.
Definition
Cross-site scripting is a type of computer security vulnerability typically found in web applications. …