BRILLIANT! two days of surfing the web to understand it and you explained it in under 10 mins. just subbed!
Awww, glad to hear that 😇. Thanks, more easy to understand videos to come!
two days worth it bro
Best XSS methodology explanation I’ve found in Years. Great work Bro, kudos for Intigriti 👍
Ohh wow 😊. in years? Thanks for that super lovely feedback!!
More videos to come 😇
That video just saved me from hours of headaches. It is much more detailed than the writeup for that lab. Thank you
Thank you very much for that great feedback! ❤️ super glad it helped you!
Been working on this lab too; was focused too much on the additional js files at the end of the script. You’ve explained it well! Thank you!
Awesome, glad it helped 💜
This video was put together very well. It is thoroughly and simply explained. It is really hard to find this quality content online for cybersecurity
Thanks a lot Reuben ❤️
Excellent explanation. Thank you so much. I have been a researcher for years and have searched almost an equal amount of time for a simple explanation of DOM XSS. This tutorial is even better than the training material provided by PortSwigger. Well done.
Thank you so much for your very kind words! This feedback is really heartwarming!
Coming from Pascal ❤️
one of the best practical explanations I've ever seen
Thank you very much! We really appreciate that 😇
So much better than the portswigger video. You're an angel!
Thank you very much for those kind words ❤️
@intigriti anytime dude have a great day
surely did learn something new. awesome content well articulated
Thanks Dennis 😎 We are glad you like it!
Great explanation! Thank you!
Thank you very much for your kind words 🥰
Good one! Amazing for me!!!
🙏🥰
really great explanation. thanks a lot for making such videos, it helped a lot..cheers..
You are very welcome! :) We are glad it helped 😇
Excellent explanation.
Glad you liked it ❤️
Thanks sir ,😇
You earned my respect!
Thank you very much. That's very kind of you ❤️
Awsme explain .. 💐
Thanks a lot 😊
We really appreciate your feedback!
Great man 🔥
Thank you Ashish 🥰
Amazing video, best of the best I've seen on the topic.
But could you explain in another video what the real dangers are that come from different kinds of XSS (reflective, stored (DOM)) being possible?
Such as stealing cookies, abusing SOP when CORS is misconfigured, etc?
Thank you! Request noted ✍
Nice video, would be nice to include how to fix these as well
Noted! 📝
Good one! Thanks
You're welcome! 😇
Thank you for your explanation! However, I’m still curious about how DOM-Based XSS is practical. Based on the concept, a DOM-Based payload executes in the web browser without any interaction with the server, so it seems like you’d just be hacking yourself for nothing. Instead of doing that, I think to make this type of attack practical, you’d need to combine it with Reflected XSS to deliver the payload. Isn’t that correct?
In conclusion, if you want to deliver a DOM-Based XSS payload, you would need a reflection mechanism to get the payload to the victim’s browser. Is that right?
Yep, you need some way to deliver the XSS payload to the victim. It could be simply sharing a URL (e.g. phishing email) or even a malvertisement!
Thanks once again for great content - I am really late to the party \o/
No worries! We are glad you are watching at this point 😇
Amazing
no, you! 💜
What a great explanation. Especially the part where you show us how to use the debugger.
But I have one question... isn't this example a little bit unrealistic? I mean the GET request only includes one parameter (productID). The serverside JavaScript also already includes all stores in an array, so what practical purpose exists when a user is able to alter the list options?
It's still great for teaching purposes.
Thank you very much ❤️
The lab by PortSwigger was definitely designed to be simple. We agree with that. But you need a simple demonstration to start grasping the concepts!
What automation tool should I use for DOM-based vulnerabilities?
Not sure about automating but the DOM Invader in Burp is a must for testing!
Thank you.
You're welcome! 💪
How do you prevent the injection?
Hey there, have a look at cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html.
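An added example for the prevention question above (not part of the reply, and not code from the video, the lab or Intigriti): the weak pattern of concatenating a URL parameter into markup for a store drop-down, beside a hardened version that only accepts known values and encodes its output. The `storeId` parameter, the `STORES` list and the function names are assumptions made for illustration.

```javascript
// Added example. STORES, storeId and the function names are assumptions.
const STORES = ["London", "Paris", "Milan"]; // constructed sample data

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Weak pattern: a query-string value is concatenated into markup that is
// then handed to an HTML sink such as document.write.
function renderOptionsUnsafe(search) {
  const store = new URLSearchParams(search).get("storeId");
  let html = '<select name="storeId">';
  if (store) html += "<option selected>" + store + "</option>";
  for (const s of STORES) {
    if (s !== store) html += "<option>" + s + "</option>";
  }
  return html + "</select>";
}

// Hardened: the URL value is only compared against the known list, never
// written into markup, and every value that is written gets encoded.
function renderOptionsSafe(search) {
  const requested = new URLSearchParams(search).get("storeId");
  const selected = STORES.includes(requested) ? requested : null;
  let html = '<select name="storeId">';
  for (const s of STORES) {
    const open = s === selected ? "<option selected>" : "<option>";
    html += open + escapeHtml(s) + "</option>";
  }
  return html + "</select>";
}

// Constructed input: a value carrying markup that closes the <select>.
const sample = "?productID=1&storeId=" + encodeURIComponent("</select><b>injected</b>");
console.log(renderOptionsUnsafe(sample)); // markup from the URL reaches the output
console.log(renderOptionsSafe(sample));   // only the known store names appear
```

In a browser, building the options with `document.createElement` and `textContent` avoids HTML parsing of the value altogether.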
but how do you know what payload to use? tags, etc
I mean, I found it may be DOM XSS, but how do I know how to use the right payload?
You usually have a set of payloads in mind and you try them out and see how the app reacts.
Another great resource is portswigger.net/web-security/cross-site-scripting/cheat-sheet
@intigriti thanks for the answer, what do you mean by how the app reacts? What do you usually check to see and confirm there is some suspicious reaction?
Thank you
You're welcome!!
Goooooooood :)
Thank you very much! Keep watching all our videos 🙏🏻
amazing
Thank you!
It was damn good 😍
Thank you so much 😇 Please share it with your community!
How to inspect source in Firefox?
E.g. by right-clicking with your mouse!
There's a couple of other methods but I'll let you google those. Googling is an important skill if you are a hacker!
Sorry I still don't understand.
What we are doing is just in our browser, right?
How can it affect other people's browsers? Because what I got is, we tamper with it after the server gives the response, which means only in our browser (on the client side only).
I understand the common XSS, like a comment section case. We successfully inject a script that will stay on the website until other people open the same page and load the injected script.
This vulnerability needs you to send the malicious URL (containing the XSS payload) to your victim. The victim then needs to click on it in order to get exploited. The most typical way this happens in real life is via an email phishing attack.
However, you could also e.g. host that malicious URL on your own website and lure people into visiting that.
@intigriti Thank you for the explanation
Still wondering, if we need to send the script via a phishing attack, why do we still need to find the vulnerability as shown in the video?
thx!
Welcome! 💜
Nice
Thanks 😇
King
Coming from @hacksplained: "Thank you very much, I really appreciate it!" 🔥
perfect
thanks a lot 😇
Great
Glad it helped!
❤️
❤️
First comment 🔥
🔥🔥🔥
thanks jesuscrist!!
Thanks a lot ❤️
confusing
Anything in specific that wasn't clear?
@intigriti Where is the img source script inserted in the source code? In the source itself? It's difficult to see in the vid. You can write to the website using both the source and sink? Also, how do you find that JavaScript debugger in Firefox? Thank you
Start doing real world examples stop these bullshit vuln web apps
That would not be ethical and is not allowed by law. Those vulnerable boxes are directly derived from real life examples, so make sure to search for them in real applications!
@intigriti bug bounties
Stop using PortSwigger labs... people come here to learn what DOM XSS is for example (xD) and they are spoiled the better labs they could find and they can't learn from them. I know it is practical and everybody does it but that sucks. I stopped the video and a lot of others due to this...
Hey, thanks for the feedback! We're still making PortSwigger videos but it's now a lot clearer that the content is a practical run through a PortSwigger lab (the title and description exactly match the lab, and include links to the relevant lab and learning material), which are also uploaded directly to the Web Security Academy.
@intigriti cool but it doesn't change the problem, people will learn and see the solution of the best labs on the subject and will lose the precious hands-on experience which makes PortSwigger academy so good. Thanks for all you do and love hunting on your platform :) the best one where triagers aren't there to avoid payment :D
Thank You
Welcome! 💜