DOM-Based Attacks TryHackMe - Full Walkthrough

🐣🐣 Learn about DOM-based vulnerabilities that can be leveraged to stage client-side attacks! 🔗🔗 Room Link: https://tryhackme.com/r/room/dombasedattacks 🐣🐣 In this room, you will learn about DOM-based attacks. In web applications, any vulnerability that allows a threat actor to target the document object model (DOM) means that they can manipulate what the user sees and take control of their browser! 🎯 Learning Objectives 🎯 📌 Understand what the DOM is 📌 Understand modern frontend frameworks 📌 Learn about the different types of DOM-based attacks 📌 Learn about DOM-based XSS and how to practically exploit it 🎯 Room Tasks: 🎯 🔼 Task 1: Introduction 🔼 Task 2: The DOM Explained - What does DOM stand for? - What JavaScript command can be used to create new HTML elements? - What JavaScript command can be used to get the cookie values from the DOM? 🔼 Task 3: Modern Frontend Frameworks - What does SPA stand for? - Should security be implemented client-side or server-side? - What control can be implemented to ensure that bad user data does not make its way through? 🔼 Task 4: DOM-Based Attacks - What do we call the location where untrusted user input made its way into the data pipeline? - What do we call the function where untrusted user input is reflected back in the application, leading to a successful attack? 🔼 Task 5: DOM-Based XSS - What was the most common source for DOM-based XSS attacks? - What control implemented by modern browsers prevent us from using this source? 🔼 Task 6: XSS Weaponisation - What flag prevents JavaScript from gaining access to cookie values? - What security control, that limits where content can be loaded from, makes it harder to weaponise XSS? 🔼 Task 7: DOM-Based Attack Challenge - name that makes the application vulnerable to XSS? - What is the sink Vue directive that makes the application vulnerable to XSS? - What is the value of the flag that you receive once you deleted all the birthdays? 🔼 Task 8: Conclusion 🔼🔼 Scripts used on the room: 🔼🔼 https://github.com/djalilayed/tryhackme/blob/main/DOM-Based%20Attacks/scripts.txt ⚠️ Educational Purpose Only This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems. #tryhackme