1. Web Security Academy
  2. DOM-based
  3. DOM clobbering
  4. Lab

Lab: Exploiting DOM clobbering to enable XSS


This lab contains a DOM-clobbering vulnerability. The comment functionality allows "safe" HTML. To solve this lab, construct an HTML injection that clobbers a variable and uses XSS to call the alert() function.


Please note that the intended solution to this lab will only work in Chrome.

Find DOM-based vulnerabilities using Burp Suite

The benefits of working through PortSwigger's Web Security Academy

Get started with the Web Security Academy where you can practise exploiting vulnerabilities on realistic targets .. and its free!

Already got an account? Login here