What is DOM-based XSS?
The Document Object Model (DOM) lets web developers dictate, through the page's HTML source and the scripts it loads, how a user's web browser should display a web page. DOM-based XSS attacks seek to exploit the DOM in a simple two-step process:
- Create a Source: Inject a malicious script into a property found to be susceptible to DOM-based XSS attacks. Common injection vectors include the document.URL, document.location, and document.referrer objects.
For a typical example of how a DOM-based XSS attack is executed, it’s suggested that you read DOM XSS: An Explanation of DOM-based Cross-Site Scripting.
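To make the source-to-sink flow concrete, here is an added example in JavaScript (not code from this page or from Acunetix): a page reads a name parameter out of document.URL, the source named above, and writes it into the page. The hypothetical greetingHtmlUnsafe and greetingHtmlSafe functions model the innerHTML sink as the markup string the browser would parse, so the snippet runs under Node without a DOM; the sample URL is constructed.

```javascript
// Added example: the classic DOM XSS pattern, source (document.URL) to sink
// (innerHTML), shown vulnerable and hardened. The sink is modelled as the
// markup string a browser would parse, so this runs under Node without a DOM.

// Extract the "name" query parameter from a full URL string such as the value
// of document.URL. URLSearchParams percent-decodes the value for us.
function nameFromUrl(url) {
  const params = new URL(url).searchParams;
  return params.get("name") ?? "guest";
}

// VULNERABLE: untrusted data from the URL is concatenated into markup that
// would be assigned to element.innerHTML, so any tags in the parameter are
// parsed by the browser instead of being shown as text.
function greetingHtmlUnsafe(url) {
  return "<h1>Welcome, " + nameFromUrl(url) + "</h1>";
}

// HTML-escape the five characters that can break out of an element body or
// a quoted attribute value.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// HARDENED: same output shape, but the untrusted value is escaped first.
// In a real page the stronger fix is to avoid the HTML sink entirely, e.g.
//   heading.textContent = "Welcome, " + nameFromUrl(document.URL);
function greetingHtmlSafe(url) {
  return "<h1>Welcome, " + escapeHtml(nameFromUrl(url)) + "</h1>";
}

// Defender's check for a unit test or scanner rule: does the rendered markup
// contain any tag other than the <h1> that belongs to the template?
function containsInjectedTag(html) {
  return /<(?!\/?h1>)[a-z]/i.test(html);
}

// Constructed sample: what document.URL would hold if a user followed a link
// whose name parameter carries markup (a harmless <b> tag stands in here).
const sampleUrl = "https://example.test/welcome?name=%3Cb%3EMallory%3C%2Fb%3E";

console.log("unsafe:", greetingHtmlUnsafe(sampleUrl));
console.log("safe:  ", greetingHtmlSafe(sampleUrl));
```

The unsafe variant emits the tag for the browser to parse; the safe variant emits the same characters as inert text, which is exactly the difference a DOM XSS scanner looks for between a source and a sink.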
DOM-based XSS Scanner
In order to find the source of a DOM-based XSS vulnerability before the hackers do, you’ll want to scan the client-side of your web application with a DOM XSS scanner. The Acunetix Web Vulnerability Scanner contains all the tools you’ll need to sniff out DOM XSS sources. With the highest SQL and XSS detection rate in the industry, Acunetix can crawl your web application without fear of false positives. Try Acunetix Online or download it now to gain the insight you need to secure your app against DOM XSS.
We utilize Acunetix to more thoroughly assess internet-facing websites and servers. Acunetix helps us identify vulnerabilities in conjunction with other vulnerability scanning applications. Acunetix has been a more reliable application when discovering / determining different types of malicious code injection vulnerabilities (SQL, HTML, CGI, etc.).