Lab: Exploiting DOM clobbering to enable XSS


This lab contains a DOM-clobbering vulnerability. The comment functionality allows "safe" HTML. To solve this lab, construct an HTML injection that clobbers a variable and uses XSS to call the alert() function.


Please note that the intended solution to this lab will only work in Chrome.

