What is a DOM XSS vulnerability and how does it work? (Advanced Penetration Testing Course forum)


This topic contains 0 replies, has 1 voice, and was last updated by  apocalypse0 4 years, 3 months ago.



    I want to know exactly:

    1 – How do you search for DOM XSS vulnerabilities?

    2 – Do you think DOM XSS vulnerabilities are as easy to use as the other kinds of XSS (reflected and stored)?

    3 – Having scanned my site (based on an open-source CMS script and installed on localhost) with Nmap, I noticed that this site is vulnerable to DOM XSS.
    The result provided by Nmap is the following:

    | http-dombased-xss: 
    | Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=localhost
    |   Found the following indications of potential DOM based XSS: 
    |     Source: window.open('editor.htm?formname=' + document.forms[0].name + 
    |     		'&id=' + idname , 
    |     		'popupeditor', 
    |     		'width=600,height=450,left=100,top=100,toolbar=0,location=0,status=0,menubar=0,scrollbars=1,resizable=1')
    |_    Pages: localhost/js/serithem.js

    4 – Tell me, do you know how to verify in a web browser the DOM XSS vulnerability found on my local web application, based on the above result, to be sure it is not a false positive?

    Thanks for the explanation.

    • This topic was modified 4 years, 3 months ago by apocalypse0.
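The following is an added triage example; it is not part of the forum post, and it is not code from Nmap or from the CMS being scanned. Nmap's http-dombased-xss script is a static heuristic: it flags JavaScript that concatenates values into a sink such as window.open without checking where those values come from. Whether a finding is real depends on whether any concatenated value is attacker-controlled (a DOM source such as location.hash or document.referrer). The helper below checks a flagged snippet against a list of well-known DOM sources, and then shows a hardened version of the flagged URL construction that percent-encodes every parameter. The snippet constant quotes the post's Nmap output; the list of sources, the function names and the verdict strings are this example's own assumptions.

```javascript
// Added example, not from the forum post, Nmap or the CMS in question.
// First triage step for an http-dombased-xss finding: does the concatenated
// value originate from something an attacker can influence?

// Well-known DOM sources an attacker can influence from the client side
// (assumed list for this example; extend it to match your own review checklist).
const DOM_SOURCES = [
  "location.hash", "location.search", "location.href", "document.URL",
  "document.documentURI", "document.referrer", "window.name",
];

// Return every known DOM source expression that appears in a flagged snippet.
function findTaintedSources(snippet) {
  return DOM_SOURCES.filter((src) => snippet.includes(src));
}

// Classify the finding. No source hit means the concatenated values come from
// page-internal state (here: a form's name attribute and a script variable),
// which points to a false positive unless that state is itself derived from
// a DOM source elsewhere in the code, so the verdict is only "likely".
function classifyFinding(snippet) {
  const tainted = findTaintedSources(snippet);
  return {
    tainted,
    verdict: tainted.length > 0
      ? "potentially exploitable: attacker-controlled source feeds the sink"
      : "likely false positive: no attacker-controlled source in the snippet",
  };
}

// The concatenation Nmap flagged in the post (quoted from the scan output).
const FLAGGED_SNIPPET =
  "window.open('editor.htm?formname=' + document.forms[0].name + '&id=' + idname, " +
  "'popupeditor', 'width=600,height=450,left=100,top=100,toolbar=0,location=0,status=0,menubar=0,scrollbars=1,resizable=1')";

// A constructed counter-example (not from the scanned site) where the sink
// really is fed by a DOM source.
const TAINTED_SNIPPET = "window.open('editor.htm?id=' + location.hash.slice(1))";

// Hardened replacement for the flagged pattern: build the query string with
// URLSearchParams so every value is percent-encoded instead of concatenated.
// Values then cannot introduce extra parameters or break out of the URL.
function buildEditorUrl(formName, idName) {
  const params = new URLSearchParams({ formname: formName, id: idName });
  return "editor.htm?" + params.toString();
}

// Usage (prints the verdict for both snippets and the encoded URL).
console.log(classifyFinding(FLAGGED_SNIPPET).verdict);
console.log(classifyFinding(TAINTED_SNIPPET).verdict);
console.log(buildEditorUrl("userform", "a&id=b"));
```

The source list only covers direct DOM sources; if `idname` in the flagged code is assigned from `location` or `document.referrer` elsewhere in serithem.js, the finding is real even though this snippet alone shows no source, so trace that variable before closing the ticket. The hardened `buildEditorUrl` is the fix to prefer regardless of the verdict, because encoding parameters costs nothing and removes the pattern the scanner keys on.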