1. Web Security Academy
  2. DOM-based
  3. DOM clobbering
  4. Lab

Lab: Clobbering DOM attributes to bypass HTML filters


This lab uses the HTMLJanitor library, which is vulnerable to DOM clobbering. To solve this lab, construct a vector that bypasses the filter and uses DOM clobbering to inject a vector that alerts document.cookie. You may need to use the exploit server in order to make your vector auto-execute in the victim's browser.


The intended solution to this lab will not work in Firefox. We recommend using Chrome to complete this lab.