By | December 11, 2020

In this article, we explain what DOM based vulnerabilities are and how to find them in a website.

We have already covered cross site scripting attacks, including DOM based XSS; the DOM based vulnerabilities described here work in a similar way.

All of this is explained for educational purposes. It is not possible to cover DOM based vulnerabilities fully here, but we will try our best to give you as much information as we can.

Note: This article is for educational purposes only. Don't misuse your knowledge and skills.

DOM based vulnerabilities?

Before looking at DOM based vulnerabilities, you should know what the DOM is, so let's talk about that first. You have probably heard of the DOM at some point.

One thing we want to make clear: there are many ways to exploit DOM based vulnerabilities, and you get a lot of labs here to practise them.

The Document Object Model (DOM) is a web browser’s hierarchical representation of the elements on the page. Websites can use JavaScript to manipulate the nodes and objects of the DOM, as well as their properties.

DOM manipulation in itself is not a problem. In fact, it is an integral part of how modern websites work. However, JavaScript that handles data insecurely can enable various attacks.

DOM based vulnerabilities arise when a website contains JavaScript that takes an attacker-controllable value, known as a source, and passes it into a dangerous function, known as a sink.

https://portswigger.net/web-security/dom-based
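The source-to-sink flow described above, shown for an open redirection sink. This is an added example, not code from the original article or from the lab; the `url` parameter name and the `shop.example` origin are constructed for illustration.

```javascript
// Constructed origin of the site that owns the page.
const SITE_ORIGIN = "https://shop.example";
const FALLBACK = SITE_ORIGIN + "/";

// Source: an attacker-controllable value read out of the page address.
function readReturnUrl(href) {
  return new URL(href).searchParams.get("url");
}

// Vulnerable pattern: the raw value is handed to the sink unchanged,
// e.g. location.href = unsafeRedirectTarget(location.href).
function unsafeRedirectTarget(href) {
  return readReturnUrl(href);
}

// Hardened pattern: resolve the value against our own origin and accept
// the result only if it still points at that origin.
function safeRedirectTarget(href) {
  const raw = readReturnUrl(href);
  if (raw === null) return FALLBACK;
  let target;
  try {
    target = new URL(raw, SITE_ORIGIN);
  } catch {
    return FALLBACK;
  }
  if (target.origin !== SITE_ORIGIN) return FALLBACK;
  // Return the absolute URL: a re-serialised path alone could begin
  // with "//" and be read as another host by the sink.
  return target.href;
}

// Constructed sample addresses.
const samples = [
  "https://shop.example/post?postId=4&url=/catalog",
  "https://shop.example/post?postId=4&url=https://other.example/",
  "https://shop.example/post?postId=4&url=//other.example/x",
  "https://shop.example/post?postId=4&url=javascript:void(0)",
];
for (const s of samples) {
  console.log(unsafeRedirectTarget(s), "->", safeRedirectTarget(s));
}
```

Only the first sample survives the check; the other three fall back to the site's own home page.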

DOM based vulnerabilities Labs

Here we show you how to solve two DOM based vulnerabilities labs. If you know about DOM based cross site scripting, you can solve all of these labs and understand them as well.

https://portswigger.net/web-security/dom-based/open-redirection/lab-dom-open-redirection

First we have to access the lab, as we have shown you in all the earlier articles; if you have not read them, you can read those articles as well.

After accessing the lab, this page opens in front of you. We have told you about the open redirect vulnerability earlier; here we are talking about DOM based open redirect.

Here you can open any product, as you can see in the image. You can do this lab with the help of Burp Suite, using Repeater as you have been told in many articles.

Here we solve this lab in a simple way. As you have been told, if an open redirect bug occurs in a website, hackers can redirect the website to another website using only the URL.

As you can see in the image, we have put the lab id in front of the product here. As soon as this is done, it becomes clear in the background that this website does not give any kind of error while redirecting to another website.

As you can see in the image, you also get a congratulations message. You can also check with view page source, where your lab id is shown as well. In this way DOM based vulnerabilities labs are solved.

https://portswigger.net/web-security/dom-based/cookie-manipulation/lab-dom-cookie-manipulation

In the same way, you can solve the DOM based cookie manipulation lab, as you have been told about cookies earlier here, if hackers in this type of attack.

If there is vulnerability of cross site scripting attack in any other website there. It is called DOM based cookie manipulation when you are able to inject cookies.
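DOM based cookie manipulation means a script writes attacker-controllable data into a cookie value, which some later code then trusts. The following is an added example, not code from the original article or from the lab, showing the weak write next to a hardened write and read; the `lastViewed` cookie name, the `productId` parameter and the `shop.example` origin are constructed.

```javascript
// Constructed origin of the site that owns the page.
const SHOP_ORIGIN = "https://shop.example";
const ID_PATTERN = /^[0-9]{1,9}$/;

// Vulnerable pattern: the whole page address (source) is concatenated
// into the string that is assigned to document.cookie (sink).
function unsafeCookieString(href) {
  return "lastViewed=" + href;
}

// Hardened write: store only a validated numeric id, never the raw address.
function safeCookieString(href) {
  const url = new URL(href);
  const id = url.searchParams.get("productId") ?? "";
  if (url.origin !== SHOP_ORIGIN || !ID_PATTERN.test(id)) return null;
  return `lastViewed=${id}; Path=/; SameSite=Lax; Secure`;
}

// Hardened read: a cookie is untrusted input, so it is validated again
// before any markup is built from it.
function lastViewedLink(cookieHeader) {
  const pair = cookieHeader
    .split(";")
    .map((part) => part.trim())
    .find((part) => part.startsWith("lastViewed="));
  const id = pair ? pair.slice("lastViewed=".length) : "";
  if (!ID_PATTERN.test(id)) return "";
  return `<a href="/product?productId=${id}">Last viewed product</a>`;
}

// Constructed inputs: a normal product address and one carrying extra markup.
const normal = "https://shop.example/product?productId=7";
const tampered = "https://shop.example/product?productId=7&x='><b>injected</b>";

console.log(unsafeCookieString(tampered)); // markup ends up inside the cookie
console.log(safeCookieString(tampered));   // only the numeric id is stored
console.log(lastViewedLink("session=abc; lastViewed=7"));
console.log(lastViewedLink("lastViewed=7'><b>injected</b>")); // rejected
```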

First you have to access the lab, as we do in all labs. If you want to read about DOM based cookie manipulation in detail, you can also read here.

After accessing the lab, open any product. You can also intercept the request in Burp Suite and check how the request is sent and what response you get.

We have forwarded the request from Burp Suite here, as you can see in the image. By doing this you automatically reach the product page, and the request is shown in front of you as well.

After doing all this, you can go to the exploit server and run the script. You get this code in the solution of the lab; you have to store it first and then deliver the exploit to the victim.

If you want, you can also use view exploit to check how the exploit runs; as you can see here, you get a message showing that the lab is solved.

The Conclusion

I hope you now understand DOM based vulnerabilities. We have explained them here by solving two DOM based vulnerabilities labs.

There are more DOM based vulnerabilities labs which you can solve by yourself; it is not possible to solve and explain all the labs here.

We have also told you in earlier articles that the more you try to learn bug bounty by yourself, the more your skills grow, so you must try all the labs by yourself.

This matters because, while learning, you often come across something that is not linked to any lab, so you should try to solve all kinds of labs by yourself.

If you have any problem solving the labs, you can ask us in a comment and we will help you. You can also tell us in the comments if you want a solution for these labs.

I hope you liked our article on DOM based vulnerabilities. We have published many articles on bug bounty before; you can read them as well.
