
[Security] Cross-site Scripting (DOM Clobbering)

What is the DOM

  • The HTML is parsed into a tree structure

Day03 - Understanding Web Page Architecture in Depth: DOM - ithome

DOM Clobbering

  • An HTML element can have an ID, and JavaScript can access the element through it; the DOM adds interaction between HTML and JavaScript.

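HTML elements can influence JavaScript

  • The script checks whether isAdmin exists

  • Add an HTML element whose id is isAdmin

  • If the variable has already been assigned a value, it cannot be affected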
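
The three points above, as an added example that is not part of the original post: it models the browser's named-access lookup in plain JavaScript so it runs under Node, then compares the truthiness check with a strict one. `makeWindow`, `fakeElement` and the check functions are hypothetical names, and the element objects are constructed stand-ins.

```javascript
// Model of the browser rule behind DOM clobbering (constructed, runs in Node):
// reading window.foo returns the script's own variable if one exists,
// otherwise the element whose id is "foo", otherwise undefined.
function makeWindow(elementsById, scriptGlobals = {}) {
  return new Proxy(scriptGlobals, {
    get(target, prop) {
      if (Object.prototype.hasOwnProperty.call(target, prop)) return target[prop];
      return elementsById[prop]; // named-access fallback to the element
    },
  });
}

// Stand-in for an element node; only the fields the checks below look at.
const fakeElement = (tag, id) => ({ nodeType: 1, tagName: tag.toUpperCase(), id });

// Pattern from the post: truthiness test on a global that may never be defined.
function isAdminNaive(win) {
  return Boolean(win.isAdmin);
}

// Hardened: accept only the literal boolean true, so an element object is rejected.
function isAdminStrict(win) {
  return win.isAdmin === true;
}

// Detection helper: which of the globals the script reads are element nodes?
function clobberedGlobals(win, names) {
  return names.filter((n) => {
    const v = win[n];
    return v !== null && typeof v === "object" && v.nodeType === 1;
  });
}

// Case 1: markup contains <a id="isAdmin">, the script never defines isAdmin.
const clobbered = makeWindow({ isAdmin: fakeElement("a", "isAdmin") });
// Case 2: same markup, but the script assigned isAdmin = false beforehand.
const assigned = makeWindow({ isAdmin: fakeElement("a", "isAdmin") }, { isAdmin: false });

console.log("naive, undefined global:", isAdminNaive(clobbered));
console.log("strict, undefined global:", isAdminStrict(clobbered));
console.log("naive, assigned global:", isAdminNaive(assigned));
console.log("element-valued globals:", clobberedGlobals(clobbered, ["isAdmin", "config"]));
```
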

This post is licensed under CC BY 4.0 by the author.