
Lab: Exploiting DOM clobbering to enable XSS

EXPERT

This lab contains a DOM-clobbering vulnerability. The comment functionality allows "safe" HTML. To solve this lab, construct an HTML injection that clobbers a variable and uses XSS to call the alert() function.
