Clobbering DOM Attributes to Bypass HTML Filters and Trigger DOM-Based XSS
This article demonstrates a unique form of DOM-based Cross-Site Scripting (XSS) that exploits property collisions in the Document Object Model (DOM). The application filters user comments for restricted HTML, but it overlooks unsafe assumptions its scripts make about specific DOM properties. By deliberately clobbering an existing property (onclick), the researcher overwrites its original value with malicious code and thereby bypasses the filtering that should have removed it. Although event handlers such as onclick and onfocus were supposed to be stripped, the clobbering attack allowed them to survive. The vulnerability can lead to sensitive data exposure or account takeover.

The researcher did not disclose a bounty amount, but the article is a valuable lesson for security researchers: scrutinize the assumptions a sanitizer and the page's own scripts make about DOM properties.

Key lesson: carefully examine all DOM properties your scripts rely on when implementing HTML filtering, so that clobbering attacks cannot slip through.

#BugBounty #Cybersecurity #DOMXSS #InformationDisclosure
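The two checks the summary calls for, as an added example that is not code from the article or from the application it describes: a filter-side scan of user HTML for id/name attribute values that collide with names the page's scripts read (and for inline event-handler attributes), and a script-side guard that refuses to treat a clobbering element as the string the script expected. The protected-name list, the sample comments and the `scope` object standing in for `window` are all constructed for the demonstration; a real deployment would derive the protected names from its own JavaScript and run the check on the parse tree the browser will actually build rather than on regex matches.

```javascript
// Added example (not code from the article or the application it describes):
// two defensive checks against DOM clobbering in user-supplied HTML.
//   1. Filter side: flag id/name attribute values that collide with names the
//      page's scripts read, and flag inline event-handler attributes.
//   2. Script side: read a value the page expects to be a string and fall back
//      when it turns out to be something else (e.g. a clobbering element).
// PROTECTED_NAMES is a constructed list; a real deployment would derive it from
// the application's own JavaScript.

const PROTECTED_NAMES = new Set([
  'defaultAvatar', 'config', 'location', 'forms', 'onclick', 'onfocus',
]);

// Start tags only; closing tags (</a>) cannot carry attributes.
const TAG_RE = /<[a-zA-Z][^>]*>/g;
// id="..." / id='...' / id=bare, and the same for name.
const ID_NAME_RE = /\s(id|name)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
// Inline handler attributes such as onclick=, onerror=.
const HANDLER_RE = /\s(on[a-z]+)\s*=/gi;

// Returns every id/name attribute whose value matches a protected name.
// Regexes are enough to illustrate the check; production filters should
// inspect the parse tree the browser will actually build.
function findClobberCandidates(html) {
  const hits = [];
  for (const tag of html.match(TAG_RE) || []) {
    ID_NAME_RE.lastIndex = 0;
    let m;
    while ((m = ID_NAME_RE.exec(tag)) !== null) {
      const value = m[2] ?? m[3] ?? m[4] ?? '';
      if (PROTECTED_NAMES.has(value)) {
        hits.push({ attr: m[1].toLowerCase(), value, tag });
      }
    }
  }
  return hits;
}

// Returns the lowercase names of inline event-handler attributes found.
function findEventHandlerAttrs(html) {
  const names = [];
  for (const tag of html.match(TAG_RE) || []) {
    HANDLER_RE.lastIndex = 0;
    let m;
    while ((m = HANDLER_RE.exec(tag)) !== null) names.push(m[1].toLowerCase());
  }
  return names;
}

// Filter-side decision: reject the comment if either check fires.
function reviewComment(html) {
  const clobbers = findClobberCandidates(html);
  const handlers = findEventHandlerAttrs(html);
  return {
    allowed: clobbers.length === 0 && handlers.length === 0,
    clobbers,
    handlers,
  };
}

// Script-side guard: DOM clobbering fills an otherwise-undefined global with an
// element (or an HTMLCollection), so a script that expects a string must verify
// the type instead of trusting that `name` holds what its author intended.
// `scope` stands in for window/document here so the function runs under Node.
function readExpectedString(scope, name, fallback) {
  const value = scope[name];
  return typeof value === 'string' ? value : fallback;
}

// Constructed inputs for a quick stand-alone run.
const demo = {
  benign: reviewComment('<p>Nice post, <b>thanks</b>!</p>'),
  clobber: reviewComment('<img id="defaultAvatar" src="x"><form name="config"></form>'),
  handler: reviewComment('<img src="x" onerror="handler()">'),
  guarded: readExpectedString({ defaultAvatar: { tagName: 'IMG' } }, 'defaultAvatar', 'avatar.png'),
};
console.log(JSON.stringify(demo, null, 2));
```

The filter-side check is a denylist and therefore only as good as the protected-name list; the script-side type check is the part that holds even when the list is incomplete, which is why both belong in a fix.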

