XSS vulnerabilities are currently the most common type of Internet vulnerability. XSS attacks can be triggered in various browsers such as IE, Chrome and Firefox, causing serious damage.
In general, XSS enables attackers to inject malicious code into web pages and trick users into accessing them; when a user views the web page, the malicious code is executed, and the attacker steals user information or infects the user's computer with a Trojan horse and gains remote control of it. Common reflected XSS has an obvious echo in the source code of the returned page and is therefore easy to detect. Unlike common reflected XSS, DOM-based XSS is triggered when the browser executes JavaScript (JS for short) that changes the DOM tree of the page; the malicious code is not echoed in the source code of the returned page.
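The following is an added example (not part of the original text) that models the point above: a URL fragment never reaches the server, so a DOM-based payload is absent from the returned page source and appears only after client-side JS writes it into the DOM. Node has no DOM, so a minimal stand-in element with `innerHTML`/`textContent` setters, the server response and the probe URL are all constructed here as assumptions; the hardened variant uses a text sink so markup in the fragment stays inert.

```javascript
// Added example: why DOM-based XSS leaves no echo in the returned page, and the
// vulnerable HTML sink beside its hardened text-sink form. Everything below
// (server response, element stand-in, probe URL) is constructed for illustration.

// The server only ever sees the path and query; the fragment (#...) is never sent,
// so whatever sits in the fragment cannot be echoed in the response body.
function serverResponse(url) {
  const withoutFragment = url.split('#')[0];
  return '<html><body><div id="greet"></div>' +
         '<script>/* reads location.hash client-side */</script>' +
         '<!-- served for ' + withoutFragment + ' --></body></html>';
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Minimal stand-in for a DOM element (assumption: Node has no DOM):
// innerHTML interprets markup, textContent neutralises it.
function makeElement() {
  return {
    html: '',
    set innerHTML(v) { this.html = v; },
    set textContent(v) { this.html = escapeHtml(v); },
    get innerHTML() { return this.html; },
  };
}

// Vulnerable pattern: the fragment flows straight into an HTML sink,
// so markup in it becomes part of the DOM tree.
function renderUnsafe(url, el) {
  const name = decodeURIComponent(url.split('#')[1] || '');
  el.innerHTML = 'Hello ' + name;
  return el.innerHTML;
}

// Hardened pattern: same data, text sink, so the markup is rendered as literal text.
function renderSafe(url, el) {
  const name = decodeURIComponent(url.split('#')[1] || '');
  el.textContent = 'Hello ' + name;
  return el.innerHTML;
}

// Constructed probe: a harmless tag used only to tell "interpreted" from "escaped".
const PROBE_URL = 'https://example.test/page#<i>probe</i>';
```

Comparing `serverResponse(PROBE_URL)` with `renderUnsafe(PROBE_URL, makeElement())` shows the probe missing from the server output yet present in the DOM, which is exactly why source-echo checks do not catch this class.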
Conventional methods for detecting DOM-based XSS vulnerabilities can only find a vulnerability when execution of the inserted feature JS code is actually triggered, which happens only when the feature JS code matches the grammar of the context in the dynamic web page. Numerous attempts with different types of feature JS code are therefore needed, and because each attempt requires the JS code to be executed, this significantly reduces both the vulnerability-finding capability and the detection efficiency.