H. Valters
Ethical Penetration tester / DevSecOps / IT Solution Developer / System administrator
Category Archives: Cyber Security
DOM-based client-side JSON injection
In this section, we’ll describe client-side JSON injection as related to the DOM, look at how damaging such an attack could be, and suggest ways to reduce your exposure to this kind of vulnerability. What is DOM-based JSON injection? DOM-based JSON-injection vulnerabilities arise when a script incorporates attacker-controllable data into a string that is parsed…
DOM-based client-side XPath injection
In this section, we’ll look at what DOM-based XPath injection is, discuss the potential impact of this kind of vulnerability, and suggest ways to reduce your exposure to it. What is DOM-based XPath injection? DOM-based XPath-injection vulnerabilities arise when a script incorporates attacker-controllable data into an XPath query. An attacker may be able to use…
DOM-based HTML5-storage manipulation
In this section, we’ll look at HTML5-storage manipulation using the DOM, point out potentially dangerous sinks that can be used as part of this kind of attack, and suggest ways to reduce your exposure to HTML5-storage manipulation. What is DOM-based HTML5-storage manipulation? HTML5-storage manipulation vulnerabilities arise when a script stores attacker-controllable data in the HTML5…
DOM-based client-side SQL injection
In this section, we’ll discuss what DOM-based client-side SQL injection is, describe how an attacker can exploit this vulnerability, and suggest ways to reduce your exposure to this kind of attack. What is DOM-based client-side SQL injection? Client-side SQL injection vulnerabilities arise when a script incorporates attacker-controllable data into a client-side SQL query in an unsafe way….
DOM-based local file-path manipulation
In this section, we’ll talk about what DOM-based local file-path manipulation is, look at the potential impact of an attack, highlight some of the sinks that can lead to this kind of vulnerability, and suggest ways that you can reduce your exposure. What is DOM-based local file-path manipulation? Local file-path manipulation vulnerabilities arise when a…
Web-message manipulation
In this section, we’ll explain what web-message manipulation vulnerabilities are and suggest ways to reduce your exposure to them. What is DOM-based web-message manipulation? Web-message vulnerabilities arise when a script sends attacker-controllable data as a web message to another document within the browser. An attacker may be able to use the web-message data as a source by…
DOM-based link manipulation
In this section, we’ll talk about what DOM-based link manipulation is, look at the impact of an attack, and suggest ways of preventing such attacks. What is DOM-based link manipulation? DOM-based link-manipulation vulnerabilities arise when a script writes attacker-controllable data to a navigation target within the current page, such as a clickable link or the submission…
DOM-based WebSocket-URL poisoning
In this section, we’ll talk about how WebSocket URLs can be poisoned using DOM-based attacks, discuss the impact of WebSocket-URL poisoning, and suggest ways you can reduce your exposure to this kind of attack. What is DOM-based WebSocket-URL poisoning? WebSocket-URL poisoning occurs when a script uses controllable data as the target URL of a WebSocket…
DOM-based document-domain manipulation
In this section, we’ll describe DOM-based manipulation of the document.domain property and suggest ways to reduce your exposure to this kind of attack. What is DOM-based document-domain manipulation? Document-domain manipulation vulnerabilities arise when a script uses attacker-controllable data to set the document.domain property. An attacker may be able to use the vulnerability to construct a URL that, if visited…
DOM-based JavaScript injection
In this section, we’ll talk about DOM-based JavaScript-injection vulnerabilities, discuss how they can impact the victim and suggest ways to reduce your exposure to JavaScript-injection vulnerabilities. What is DOM-based JavaScript injection? DOM-based JavaScript injection vulnerabilities arise when a script executes attacker-controllable data as JavaScript. An attacker may be able to use the vulnerability to construct…