DOM Based Cross Site Scripting (XSS) Vulnerability
DOM based cross site scripting (XSS) is similar to both reflected and stored XSS. That is, they can be discovered and exploited similarly. The main difference is simply that DOM based XSS attacks occur entirely on the client side, meaning the payload is never sent to the server. The benefit to these types of attacks is that there are no logs, filters, and there is no server side protection to prevent them. According to OWASP, DOM based XSS "is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment" (https://www.owasp.org/index.php/DOM_Based_XSS). For this lab, the only tool used was a simple ...