[Security] Cross-site Scripting (DOM Clobbering)
What is DOM
- Parses the HTML into a tree structure
DOM Clobbering
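- An HTML element can have an ID, and JavaScript can access it; the DOM adds interaction between HTML and JavaScript.
HTML elements can affect JavaScript
- The code checks whether isAdmin exists
- An HTML element with the id isAdmin is added
- If isAdmin has already been assigned a value, it cannot be affected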
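The three points above, as an added example that is not part of the original post: it models the browser's named access on window with a Proxy so it runs in Node, and compares the truthy isAdmin check with a strict one. The names makeWindow, looseIsAdmin and strictIsAdmin and the sample element are assumptions made for illustration.

```javascript
// Minimal model of a browser global object (constructed for illustration; not a real DOM).
// Browsers expose an element with an id as a named property of window, but only
// when no real property of that name has been declared.
function makeWindow(elementsById, declared = {}) {
  return new Proxy({ ...declared }, {
    get(target, name) {
      if (Object.prototype.hasOwnProperty.call(target, name)) return target[name];
      return elementsById[name]; // named-access fallback; undefined if no such id
    },
  });
}

// Check as described in the notes: any truthy value of isAdmin passes.
function looseIsAdmin(win) {
  return win.isAdmin ? true : false;
}

// Hardened check: only the boolean true passes; an element object never equals true.
function strictIsAdmin(win) {
  return win.isAdmin === true;
}

// Constructed sample: the page contains markup such as <a id="isAdmin"></a>.
const injected = { isAdmin: { tagName: 'A', id: 'isAdmin' } };

function demo() {
  const clean = makeWindow({});                                // no element, no variable
  const clobbered = makeWindow(injected);                      // element present, variable never set
  const initialised = makeWindow(injected, { isAdmin: false }); // variable assigned first
  return {
    cleanLoose: looseIsAdmin(clean),
    clobberedLoose: looseIsAdmin(clobbered),
    clobberedStrict: strictIsAdmin(clobbered),
    initialisedLoose: looseIsAdmin(initialised),
  };
}

console.log(demo());
```

Explicitly initialising the flag and comparing it with === true both close the gap independently; using both is the safer habit.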
This post is licensed under CC BY 4.0 by the author.