Simple DOM based XSS Trick

What is DOM based XSS?

DOM Based XSS is an XSS attack wherein the attack payload is executed as a result of modifying the DOM environment in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.
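To make the definition concrete, the following is an added example, not code from the original post: a small heuristic audit that flags client-side script in which a URL-controlled DOM value reaches a sink that parses strings as HTML or script. The function names, the source and sink lists, and both sample scripts are assumptions constructed for illustration.

```javascript
// Added example: heuristic source-to-sink audit for DOM-based XSS (illustrative, not exhaustive).
// DOM values that the URL or the opening page can influence.
const SOURCES = /\b(?:location\.(?:hash|search|href)|document\.(?:URL|documentURI|referrer)|window\.name)\b/;
// APIs that parse a string as HTML or execute it as script.
const SINKS = /\.(?:innerHTML|outerHTML)\s*=(?!=)|\.insertAdjacentHTML\s*\(|\bdocument\.write(?:ln)?\s*\(|\beval\s*\(/;
// Simple "x = expr" assignment with an optional declaration keyword.
const ASSIGN = /^\s*(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$/;

// True when `expr` uses the bare identifier `name` (not a property such as obj.name).
function mentions(expr, name) {
  const escaped = name.replace(/\$/g, "\\$");
  return new RegExp(`(?<![\\w$.])${escaped}(?![\\w$])`).test(expr);
}

// Returns one finding per line where source-derived data is written to a sink.
function auditScript(code) {
  const tainted = new Set();
  const findings = [];
  const usesTaint = (expr) =>
    SOURCES.test(expr) || [...tainted].some((v) => mentions(expr, v));

  code.split("\n").forEach((text, index) => {
    const assignment = ASSIGN.exec(text);
    if (assignment) {
      // Propagate taint through plain assignments; a clean reassignment clears it.
      const [, target, value] = assignment;
      if (usesTaint(value)) tainted.add(target);
      else tainted.delete(target);
    }
    if (SINKS.test(text) && usesTaint(text)) {
      findings.push({ line: index + 1, code: text.trim() });
    }
  });
  return findings;
}

// Constructed sample: the page markup never changes, but the fragment is rendered as HTML.
const VULNERABLE = [
  'const name = decodeURIComponent(location.hash.slice(1));',
  'const greeting = "Hello, " + name;',
  'document.getElementById("out").innerHTML = greeting;',
].join("\n");

// Constructed sample: same data flow, but textContent treats the value as plain text.
const HARDENED = VULNERABLE.replace(".innerHTML", ".textContent");

console.log(auditScript(VULNERABLE), auditScript(HARDENED));
```

The audit is line-based and over-approximates (it does not recognise sanitizers), so treat its findings as leads for manual review rather than proof.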

How to Find and Exploit!?

Vulnerable point: /auth/realms/master/clients-registrations/openid-connect

[Screenshot: Request in Burp]

[Screenshot: Response in Burp]

[Screenshot: XSS Found]

Any doubts!?

Feel free to talk!
