Almost 50% of web pages have this bug. Learn How it is exploited in the wild
Have you ever wondered how hackers find bugs on websites? What does it take to hunt for bugs and responsibly disclose them? In this article, we will be focusing mainly on a single bug called DOM-based XSS (cross-site scripting), which is found very often on web pages.
After reading this article, you will be able to find this bug faster. You will understand how to attack it in a real-world scenario and what tools to use.
SOP stands for same-origin policy. This is a security measure taken by the browser. According to it, one web page cannot access data from another webpage. It's possible only if both pages have the same origin.
An origin consists of a URI scheme, domain, and port number. These measures block the malicious script from one page accessing sensitive data on another page from the DOM. XSS poses a serious threat to this security mechanism.
Imagine a blueprint or map for a house. The HTML we see on websites is like this blueprint. The DOM is like a dynamic, interactive version of the blueprint.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25544672/Jones_drives_the_solar_car_across_the_finish_line_at_the_Portofino_Hotel.jpg)
