How to Use Dominator to Discover DOM-Based XSS Vulnerabilities on the Nokia Official Website

Source: Internet
Author: User

Background

DOM-based XSS (cross-site scripting) vulnerabilities are generally difficult to find. In this article, the author uses Dominator to discover and exploit a DOM XSS on the Nokia OVI website. This reminds me of the Second Brother's artifact :)

Brief Introduction

The resources loaded into the DIV are all specified through location.hash. The author ran the page through Dominator and found the following results:

The following figure shows a controllable point, location.hash, and the resource is loaded through XMLHR.open. Opening the address in Chrome produces the following console output:

 

Reload the following URL:
 

http://store.ovi.com/#/jasminder

Dominator displays the following information:

To see whether resources from a third-party website could be loaded, the author put the address of his own website into location.hash and initiated a request. The result is as follows:

The actual request is as follows. The request is not sent to the author's website.

http://store.ovi.com/jasminderapalsingh.info?fragment=1

However, the author later found that if the following request is initiated in Chrome:

http://store.ovi.com/#/~jasminderapalsingh.info

The browser initiates the following request:

This method can be used to initiate a request to a third-party host and load data from that host. The author therefore placed a payload on his own website. The final result is as follows:
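On the defensive side, the flaw described above is that a value taken from location.hash decides which host the XHR is sent to. The following is an added example, not code from the original article or from the OVI site: a hardened resolver that accepts only plain path segments and confirms the resolved URL stays on the site's own origin. The function names, the allowlist and the third-party.example host are assumptions made for illustration.

```javascript
// Added example: hardened fragment-to-resource resolver (hypothetical names).
// ORIGIN and the "?fragment=1" suffix mirror the requests shown in the article;
// the site's real routing code is not shown there, so this is an assumption.
const ORIGIN = "http://store.ovi.com";

// Only plain path segments are allowed: letters, digits, "_" and "-".
// This rejects "~", ".", ":", empty segments ("//") and absolute URLs.
const SAFE_PATH = /^(\/[A-Za-z0-9_-]+)+$/;

function resolveFragment(hash, origin = ORIGIN) {
  // Strip the leading "#" before validating the remainder.
  const path = hash.startsWith("#") ? hash.slice(1) : hash;
  if (!SAFE_PATH.test(path)) {
    return { ok: false, reason: "path contains characters outside the allowlist" };
  }
  // Resolve against the site's origin, then confirm the origin did not change.
  let url;
  try {
    url = new URL(path + "?fragment=1", origin);
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.origin !== new URL(origin).origin) {
    return { ok: false, reason: "resolved to a different origin" };
  }
  return { ok: true, url: url.href };
}

// Second layer: check any URL right before it is handed to XMLHttpRequest.open.
function isSameOrigin(candidate, origin = ORIGIN) {
  try {
    return new URL(candidate, origin).origin === new URL(origin).origin;
  } catch (e) {
    return false;
  }
}

// Sample fragments: the first and third are taken from the article's URLs,
// the second is constructed.
const samples = ["#/jasminder", "#https://third-party.example/x", "#/~jasminderapalsingh.info"];
for (const h of samples) {
  console.log(h, JSON.stringify(resolveFragment(h)));
}
```

Even with the request pinned to the same origin, the response should be written into the DIV as text or sanitized markup rather than as raw HTML.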
