In this article, we are telling you about DOM based vulnerabilities like what are DOM based vulnerabilities and how to find this vulnerability in website.
We have already told you about cross site scripting attacks, there we have also told you about DOM based XSS attack, here DOM based vulnerabilities also works in some similar way.
All this is being told to you for educational purpose, here it is not possible to fully explain DOM based vulnerabilities but here we will try our best to give you maximum information.
Note- This article is only for educational purpose. Don’t miss use your knowledge and skills.
DOM based vulnerabilities ?
Before going about DOM based vulnerabilities, you should know what is DOM. Let’s talk about it first of all, we must have heard about DOM sometime.
Here we want to make you clear one thing, you find many ways to exploit DOM based vulnerabilities that you can use, you get a lot of labs here.
DOM based vulnerabilities Labs ?
Here we are telling you to solve two labs of DOM based vulnerabilities, if you know about DOM Based Cross Site Scripting, then you can solve all its labs as well as understand them.
Here first we have to access the lab as you have told us in all the earlier articles, if you have not read them, you can also read our articles. what is insecure deserialization vulnerability
After accessing the lab, this page opens in front of you like we have told you about open redirect vulnerability earlier, here we are talking about DOM Based open redirect.
Here you can open any product as you can see in the image, you can do this lab with the help of burp suite as you have been told to use repeater in many articles.
Here we are telling you in simple way by solving this lab as you have been told, if open redirect bug occurs in a website, in such a way hackers can redirect the website to another website only through the url address.
As you can see in the image, we have given the lab id in front of the product here, as soon as this is done, in the background it becomes known that this website is not giving any kind of error while redirecting to another website.
As you can see in the image, you have also got a message of congratulations, here you can also check by the view page source, you get your lab id shown there as well, in this way DOM based vulnerabilities labs are solved.
In the same way, you can solve the DOM based cookie manipulation lab as if you have been told about cookies earlier here, if hackers in this type of attack.
If there is vulnerability of cross site scripting attack in any other website there. It is called DOM based cookie manipulation when you are able to inject cookies.
Here first you have to access lab like we do in all labs, here if you want to read about DOM based cookie manipulation in detail, you can also read here.
After accessing the lab, you have to open any product, here you can also intercept on the burp suite and check how the request is going and what response you are getting.
Like we have forwarded the request from the burp suite here as if you can see in the image, by doing this you automatically reach the product page, in this way the request show in front of you as well.
After doing all this, you can go to the exploit server and run the script in this way, here you get this code in the solution of the lab, here you have to store first and then deliver exploit to victim.
Here, if you want, you can also check by exploit the view how this exploit is being run here as you can see here you have got a message show of lab solving.
I hope now you can understand about DOM based vulnerabilities. We have told you here by solving two labs of DOM based vulnerabilities.
Here you get more labs of DOM based vulnerabilities which you can solve by yourself and see if it is not possible to solve all the labs and tell them.
We have also told you in earlier articles that the more you try to learn the bug bounty by yourself, the more your skills grow, in that case you must try all the labs by yourself.
Because this happens so often, while learning, you sometimes know something that has no link to any kind of lab, so you should try to solve all kinds of labs by yourself.
If you have any kind of problem in solving labs, in such a way, you can ask us in a comment, we will help you completely, here you can tell in the comment even if you want a solution for this and labs.
I hope that you must have liked our article on DOM based vulnerabilities, here we have given you many types of articles on bug bounty before, you can also read them.
Subscribe to our blog for latest updates
Sharing is caring