DOM based XSS


Saurabh Pundir

Aug 20, 2014, 12:53:10 AM
to null-...@googlegroups.com
Trying to learn the basic concepts of this vulnerability but not getting what exactly we do in this attack?
Please share something useful to get this bug.

How do we use Firebug to inspect the DOM?
How can we use Firebug to find out the vulnerable points where we can inject our payloads?
Any example with a vulnerable website would be great :)

Acche Din

Aug 20, 2014, 12:05:21 PM
to null-...@googlegroups.com
Don't get caught up with the jargon. An XSS is an XSS, doesn't matter by what name you call it. DOM based XSS just refers to the location where the vulnerability exists. It exists in the DOM! Modern web pages have a whole lot of JavaScript going on in the back-end. They detect user interactions and make HTTP requests in the DOM, updating pages in the background. That is, they take input via JavaScript calls. Wherever there is input, there is risk of XSS.



Acche Din

Aug 20, 2014, 12:37:54 PM
to null-...@googlegroups.com
The latest version of Burp Suite has experimental support for DOM based XSS. Read up on it and play with it.
http://blog.portswigger.net/2014/07/burp-gets-new-javascript-analysis.html
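
As an added example (not part of the thread and not code from any tool mentioned in it), here is a small Node.js review helper for your own client-side scripts that follows the idea in the replies above: it flags lines where a value read from the URL or another browser-controlled input reaches a call that writes HTML or code into the page. The source and sink lists, the function name `findDomXssCandidates` and the sample script are assumptions constructed for illustration.

```javascript
// Added example: line-based heuristic, not a full data-flow analysis.
// Sources: browser-controlled inputs a script can read (small, non-exhaustive list).
const SOURCES = /\b(?:location\.(?:hash|search|href)|document\.(?:URL|referrer|cookie)|window\.name)\b/;
// Sinks: properties or calls that parse their argument as HTML or code.
const SINKS = /\.(innerHTML|outerHTML)\s*=(?!=)|\b(document\.write(?:ln)?|eval|insertAdjacentHTML)\s*\(/;

function findDomXssCandidates(code) {
  const tainted = new Set(); // variables declared from a source or from a tainted value
  const findings = [];
  const isTainted = (expr) =>
    SOURCES.test(expr) ||
    [...tainted].some((name) => new RegExp(`\\b${name}\\b`).test(expr));

  code.split("\n").forEach((text, index) => {
    // Track simple declarations only: var/let/const x = <expr>
    const decl = text.match(/\b(?:var|let|const)\s+(\w+)\s*=(.*)/);
    if (decl && isTainted(decl[2])) tainted.add(decl[1]);

    // Report a sink only when the text after it references tainted data.
    const sink = text.match(SINKS);
    if (sink && isTainted(text.slice(sink.index + sink[0].length))) {
      findings.push({ line: index + 1, sink: sink[1] || sink[2], code: text.trim() });
    }
  });
  return findings;
}

// Constructed sample script (not taken from any real site).
const SAMPLE = [
  'var name = location.hash.slice(1);',
  'var banner = "Hello " + name;',
  'document.getElementById("greet").innerHTML = banner;',
  'document.getElementById("safe").textContent = name;',
  'document.write("<p>static footer</p>");',
  'document.write(document.referrer);',
].join("\n");

console.log(findDomXssCandidates(SAMPLE));
```

Lines 4 and 5 of the sample are not reported: `textContent` does not parse its value as HTML, and that `document.write` call receives only a constant string.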

Pushkar Sathe

Aug 20, 2014, 2:57:10 PM
to null-...@googlegroups.com

How can we use Firebug to inspect the DOM & find vulnerable inputs for XSS payloads?

Saurabh Pundir

Aug 21, 2014, 12:52:09 AM
to null-...@googlegroups.com
Thank you for your nice response...
Can you give something more about finding the location for this bug in the DOM? Can we use Firebug or any other add-on for this purpose?