One or more embodiments disclosed within this specification relate to detection of Document Object Model (DOM) based cross-site scripting vulnerabilities.
With the advent of Internet based technologies, Web applications are becoming increasingly sophisticated. As these technologies become more sophisticated, they also become vulnerable to exploits by unscrupulous users who access the Web-based applications (hereinafter “Web applications”). These exploits are often notoriously hard to find, in particular when a user provides a malicious payload to a server of a Web application, for instance in a user request. The Web application may be especially vulnerable if it uses a template for responses, such as an HTML response template, that is instantiated using dynamic values, such as request parameters, provided by a user.
In illustration, during a cross-site scripting (XSS) attack, a user request may include a malicious payload containing HTML markup that a website's JavaScript™ code does not expect, and this HTML markup can be echoed to the Web application's DOM at runtime. To subsequent clients, the HTML markup echoed into the DOM may be indistinguishable from other parts of the DOM. This HTML markup can change the manner in which the Web application handles subsequent user requests, and thus can alter the manner in which the Web application responds to those requests. For example, a malicious payload can cause an undesired response to be rendered into the DOM of an HTML response provided from the Web application to a client-side application, such as a web browser.
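The template-instantiation weakness described above, as an added illustration that is not part of the specification: a response template is filled from a request parameter once without escaping and once with HTML escaping, and a small check flags when markup from the untrusted input survives verbatim into the rendered output (the "echoed into the DOM" condition). The template text, the `name` parameter and the sample input are constructed for this example; the escaping and check functions are assumed helpers, not anything the specification defines.

```javascript
// Added example (not from the specification): a response template instantiated
// with a request parameter, in vulnerable and hardened form, plus a check that
// detects untrusted markup being echoed into the rendered HTML.

// Constructed response template; {{name}} is filled from a request parameter.
const TEMPLATE = '<div id="greeting">Hello, {{name}}!</div>';

// Vulnerable: the raw request parameter is substituted into the HTML template,
// so any markup it carries becomes part of the response DOM.
function renderUnsafe(template, params) {
  return template.replace(/\{\{(\w+)\}\}/g, (_, key) => String(params[key] ?? ''));
}

// Escape the characters that let a value break out of HTML text context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Hardened: every substituted value is escaped before it enters the template,
// so the parameter is rendered as text rather than as markup.
function renderSafe(template, params) {
  return template.replace(/\{\{(\w+)\}\}/g, (_, key) => escapeHtml(params[key] ?? ''));
}

// Detection check: does any tag present in the untrusted input appear
// verbatim in the rendered output? If so, the input was echoed as markup.
function echoesMarkup(input, output) {
  const tags = String(input).match(/<[^>]+>/g) || [];
  return tags.some((tag) => output.includes(tag));
}

// Constructed request parameter carrying HTML markup the page does not expect.
const untrusted = { name: 'Mallory<script>alert(1)</script>' };

// Render both ways and report whether the markup was echoed in each case.
function demo() {
  const unsafeOut = renderUnsafe(TEMPLATE, untrusted);
  const safeOut = renderSafe(TEMPLATE, untrusted);
  return {
    unsafeEchoes: echoesMarkup(untrusted.name, unsafeOut), // true: markup reached the DOM
    safeEchoes: echoesMarkup(untrusted.name, safeOut),     // false: rendered as text
    unsafeOut,
    safeOut,
  };
}

console.log(demo());
```

The check is deliberately simple: it looks only for tags copied unchanged from the input into the output, which is the condition the specification describes. Escaping at the point of substitution is the mitigation; a template engine that escapes by default makes `renderSafe` the only path.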