Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-26 14:40:37 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/pentesting-web/xss-cross-site-scripting/dom-xss.md

321 lines
23 KiB
Markdown
Raw Normal View History

GitBook: [#3603] No subject
2022-10-13 00:56:34 +00:00
# DOM XSS
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated to Serbian
2024-02-10 13:11:20 +00:00
<summary><strong>Naučite hakovanje AWS-a od nule do heroja sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
* Da li radite u **cybersecurity kompaniji**? Želite li da vidite vašu **kompaniju reklamiranu na HackTricks-u**? Ili želite da imate pristup **najnovijoj verziji PEASS-a ili preuzmete HackTricks u PDF formatu**? Proverite [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Otkrijte [**The PEASS Family**](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [**NFT-ova**](https://opensea.io/collection/the-peass-family)
* Nabavite [**zvanični PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Pridružite se** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili me **pratite** na **Twitter-u** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **i** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
a
2024-02-06 03:10:27 +00:00
## DOM Vulnerabilities
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
DOM ranjivosti se javljaju kada podaci sa izvora pod kontrolom napadača (kao što su `location.search`, `document.referrer` ili `document.cookie`) nesigurno prenose na **sinks**. Sinks su funkcije ili objekti (npr. `eval()`, `document.body.innerHTML`) koji mogu izvršiti ili prikazati štetan sadržaj ako im se dostave zlonamerni podaci.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
- **Sources** su ulazi koji mogu biti manipulisani od strane napadača, uključujući URL-ove, kolačiće i web poruke.
- **Sinks** su potencijalno opasni krajnji tačke gde zlonamerni podaci mogu dovesti do nepoželjnih efekata, kao što je izvršavanje skripti.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Rizik se javlja kada podaci teku sa izvora do sinka bez odgovarajuće validacije ili sanitizacije, omogućavajući napade poput XSS-a.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
GitBook: [master] 472 pages modified
2021-05-27 11:59:23 +00:00
{% hint style="info" %}
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Možete pronaći ažuriranu listu izvora i sinkova na** [**https://github.com/wisec/domxsswiki/wiki**](https://github.com/wisec/domxsswiki/wiki)
GitBook: [master] 472 pages modified
2021-05-27 11:59:23 +00:00
{% endhint %}
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Uobičajeni izvori:**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```javascript
document.URL
document.documentURI
document.URLUnencoded
document.baseURI
location
document.cookie
document.referrer
window.name
history.pushState
history.replaceState
localStorage
sessionStorage
IndexedDB (mozIndexedDB, webkitIndexedDB, msIndexedDB)
Database
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Uobičajeni izvori:**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
| [**Otvoreno preusmeravanje**](dom-xss.md#open-redirect) | [**Ubacivanje JavaScript-a**](dom-xss.md#javascript-injection) | [**Manipulacija DOM podacima**](dom-xss.md#dom-data-manipulation) | **jQuery** |
GitBook: [#3111] No subject
2022-04-20 17:00:18 +00:00
| -------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | ------------------------------------------------------------- | ---------------------------------------------------------------------- |
| `location` | `eval()` | `scriptElement.src` | `add()` |
| `location.host` | `Function() constructor` | `scriptElement.text` | `after()` |
| `location.hostname` | `setTimeout()` | `scriptElement.textContent` | `append()` |
| `location.href` | `setInterval()` | `scriptElement.innerText` | `animate()` |
| `location.pathname` | `setImmediate()` | `someDOMElement.setAttribute()` | `insertAfter()` |
| `location.search` | `execCommand()` | `someDOMElement.search` | `insertBefore()` |
| `location.protocol` | `execScript()` | `someDOMElement.text` | `before()` |
| `location.assign()` | `msSetImmediate()` | `someDOMElement.textContent` | `html()` |
| `location.replace()` | `range.createContextualFragment()` | `someDOMElement.innerText` | `prepend()` |
| `open()` | `crypto.generateCRMFRequest()` | `someDOMElement.outerText` | `replaceAll()` |
Translated to Serbian
2024-02-10 13:11:20 +00:00
| `domElem.srcdoc` | **\`\`**[**Manipulacija lokalnom putanjom datoteke**](dom-xss.md#local-file-path-manipulation) | `someDOMElement.value` | `replaceWith()` |
GitBook: [#3111] No subject
2022-04-20 17:00:18 +00:00
| `XMLHttpRequest.open()` | `FileReader.readAsArrayBuffer()` | `someDOMElement.name` | `wrap()` |
| `XMLHttpRequest.send()` | `FileReader.readAsBinaryString()` | `someDOMElement.target` | `wrapInner()` |
| `jQuery.ajax()` | `FileReader.readAsDataURL()` | `someDOMElement.method` | `wrapAll()` |
| `$.ajax()` | `FileReader.readAsText()` | `someDOMElement.type` | `has()` |
Translated to Serbian
2024-02-10 13:11:20 +00:00
| **\`\`**[**Manipulacija Ajax zahtevom**](dom-xss.md#ajax-request-manipulation) | `FileReader.readAsFile()` | `someDOMElement.backgroundImage` | `constructor()` |
GitBook: [#3111] No subject
2022-04-20 17:00:18 +00:00
| `XMLHttpRequest.setRequestHeader()` | `FileReader.root.getFile()` | `someDOMElement.cssText` | `init()` |
| `XMLHttpRequest.open()` | `FileReader.root.getFile()` | `someDOMElement.codebase` | `index()` |
Translated to Serbian
2024-02-10 13:11:20 +00:00
| `XMLHttpRequest.send()` | [**Manipulacija linkom**](dom-xss.md#link-manipulation) | `someDOMElement.innerHTML` | `jQuery.parseHTML()` |
GitBook: [#3111] No subject
2022-04-20 17:00:18 +00:00
| `jQuery.globalEval()` | `someDOMElement.href` | `someDOMElement.outerHTML` | `$.parseHTML()` |
Translated to Serbian
2024-02-10 13:11:20 +00:00
| `$.globalEval()` | `someDOMElement.src` | `someDOMElement.insertAdjacentHTML` | [**Ubacivanje JSON-a na klijentskoj strani**](dom-xss.md#client-side-sql-injection) |
| **\`\`**[**Manipulacija HTML5 skladištem**](dom-xss.md#html-5-storage-manipulation) | `someDOMElement.action` | `someDOMElement.onevent` | `JSON.parse()` |
| `sessionStorage.setItem()` | [**Ubacivanje XPath-a**](dom-xss.md#xpath-injection) | `document.write()` | `jQuery.parseJSON()` |
GitBook: [#3111] No subject
2022-04-20 17:00:18 +00:00
| `localStorage.setItem()` | `document.evaluate()` | `document.writeln()` | `$.parseJSON()` |
Translated to Serbian
2024-02-10 13:11:20 +00:00
| **``**[**`Odbijanje usluge`**](dom-xss.md#denial-of-service)**``** | `someDOMElement.evaluate()` | `document.title` | **\`\`**[**Manipulacija kolačićima**](dom-xss.md#cookie-manipulation) |
| `requestFileSystem()` | **\`\`**[**Manipulacija domenskim imenom dokumenta**](dom-xss.md#document-domain-manipulation) | `document.implementation.createHTMLDocument()` | `document.cookie` |
| `RegExp()` | `document.domain` | `history.pushState()` | [**Trovanje URL-om WebSocket-a**](dom-xss.md#websocket-url-poisoning) |
| [**Ubacivanje SQL-a na klijentskoj strani**](dom-xss.md#client-side-sql-injection) | [**Manipulacija web porukama**](dom-xss.md#web-message-manipulation) | `history.replaceState()` | `WebSocket` |
GitBook: [#3111] No subject
2022-04-20 17:00:18 +00:00
| `executeSql()` | `postMessage()` | \`\` | \`\` |
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**`innerHTML`** izvor ne prihvata `script` elemente na bilo kom modernom pregledaču, niti će se pokrenuti događaji `svg onload`. To znači da ćete morati koristiti alternativne elemente poput `img` ili `iframe`.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Ovaj tip XSS-a je verovatno **najteže pronaći**, jer morate pogledati unutar JS koda, videti da li koristi bilo koji objekat čiju **vrednost kontrolišete**, i u tom slučaju videti da li postoji **bilo koji način za zloupotrebu** kako bi se izvršio proizvoljni JS.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
## Alati za pronalaženje
GitBook: [#2847] update find dom xss
2021-11-18 13:00:50 +00:00
* [https://github.com/mozilla/eslint-plugin-no-unsanitized](https://github.com/mozilla/eslint-plugin-no-unsanitized)
Translated to Serbian
2024-02-10 13:11:20 +00:00
## Primeri
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Otvoreno preusmeravanje
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Sa: [https://portswigger.net/web-security/dom-based/open-redirection](https://portswigger.net/web-security/dom-based/open-redirection)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Ranjivosti otvorenog preusmeravanja u DOM-u** se javljaju kada skripta upisuje podatke, koje napadač može kontrolisati, u izvor koji može pokrenuti navigaciju između domena.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Važno je razumeti da je moguće izvršiti proizvoljni kod, poput **`javascript:alert(1)`**, ako imate kontrolu nad početkom URL-a gde se preusmeravanje dešava.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvori:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
location
location.host
location.hostname
location.href
location.pathname
location.search
location.protocol
location.assign()
location.replace()
open()
domElem.srcdoc
XMLHttpRequest.open()
XMLHttpRequest.send()
jQuery.ajax()
$.ajax()
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Manipulacija kolačićima
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/cookie-manipulation](https://portswigger.net/web-security/dom-based/cookie-manipulation)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Ranjivosti DOM bazirane manipulacije kolačićima se javljaju kada skripta uključuje podatke, koje može kontrolisati napadač, u vrednost kolačića. Ova ranjivost može dovesti do neočekivanog ponašanja veb stranice ako se kolačić koristi unutar sajta. Takođe, može biti iskorišćena za izvođenje napada fiksacije sesije ako je kolačić uključen u praćenje korisničkih sesija. Primarni izvor povezan sa ovom ranjivošću je:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvori:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
document.cookie
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### JavaScript Injekcija
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/javascript-injection](https://portswigger.net/web-security/dom-based/javascript-injection)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
DOM-bazirane ranjivosti JavaScript injekcije se stvaraju kada se skripta izvršava kao JavaScript kod podaci koji mogu biti kontrolisani od strane napadača.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
a
2024-02-06 03:10:27 +00:00
Sinks:
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
eval()
Function() constructor
setTimeout()
setInterval()
setImmediate()
execCommand()
execScript()
msSetImmediate()
range.createContextualFragment()
crypto.generateCRMFRequest()
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Manipulacija dokument domenom
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Sa: [https://portswigger.net/web-security/dom-based/document-domain-manipulation](https://portswigger.net/web-security/dom-based/document-domain-manipulation)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Ranjivosti manipulacije dokument domenom** se javljaju kada skripta postavlja svojstvo `document.domain` koristeći podatke koje napadač može kontrolisati.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Svojstvo `document.domain` igra **ključnu ulogu** u **sprovođenju** politike **iste-origin** od strane pregledača. Kada dve stranice sa različitih izvora postave svoj `document.domain` na **istu vrednost**, mogu međusobno da komuniciraju bez ograničenja. Iako pregledači postavljaju određena **ograničenja** na vrednosti koje se mogu dodeliti `document.domain`, sprečavajući dodelu potpuno nepovezanih vrednosti stvarnom poreklu stranice, postoje izuzeci. Obično pregledači dozvoljavaju korišćenje **poddomena** ili **roditeljskih domena**.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvori:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
document.domain
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Trovanje WebSocket-URL-a
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/websocket-url-poisoning](https://portswigger.net/web-security/dom-based/websocket-url-poisoning)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Trovanje WebSocket-URL-a** se javlja kada skripta koristi **kontrolisane podatke kao ciljni URL** za WebSocket konekciju.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
a
2024-02-06 03:10:27 +00:00
Sinks:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Konstruktor `WebSocket` može dovesti do ranjivosti trovanja WebSocket-URL-a.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Manipulacija linkovima
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/link-manipulation](https://portswigger.net/web-security/dom-based/link-manipulation)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Ranjivosti manipulacije linkovima bazirane na DOM-u** se javljaju kada skripta upisuje **podatke koje napadač može kontrolisati u ciljni navigacioni element** unutar trenutne stranice, kao što je klikabilni link ili URL za slanje forme.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
a
2024-02-06 03:10:27 +00:00
Sinks:
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
someDOMElement.href
someDOMElement.src
someDOMElement.action
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Manipulacija Ajax zahtevom
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/ajax-request-header-manipulation](https://portswigger.net/web-security/dom-based/ajax-request-header-manipulation)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Ranjivosti manipulacije Ajax zahtevom** se javljaju kada skripta upisuje **podatke koje kontrolira napadač u Ajax zahtev** koji se izdaje koristeći objekat `XmlHttpRequest`.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Curenje:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
XMLHttpRequest.setRequestHeader()
XMLHttpRequest.open()
XMLHttpRequest.send()
jQuery.globalEval()
$.globalEval()
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Manipulacija lokalnim putanjama datoteka
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/local-file-path-manipulation](https://portswigger.net/web-security/dom-based/local-file-path-manipulation)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Ranjivosti manipulacije lokalnim putanjama datoteka** nastaju kada skripta prosleđuje **podatke koje kontrolira napadač API-ju za rukovanje datotekama** kao parametar `filename`. Ova ranjivost može biti iskorišćena od strane napadača da konstruiše URL koji, ako ga poseti drugi korisnik, može dovesti do toga da **korisnikov pregledač otvori ili upiše proizvoljnu lokalnu datoteku**.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvori:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
FileReader.readAsArrayBuffer()
FileReader.readAsBinaryString()
FileReader.readAsDataURL()
FileReader.readAsText()
FileReader.readAsFile()
FileReader.root.getFile()
FileReader.root.getFile()
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Klijentska SQL ubrizgavanja
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/client-side-sql-injection](https://portswigger.net/web-security/dom-based/client-side-sql-injection)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Klijentske SQL ubrizgavanja ranjivosti** se javljaju kada skripta uključuje **podatke koje kontrolira napadač u klijentski SQL upit na nesiguran način**.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Curenja:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
executeSql()
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Manipulacija HTML5 skladištem
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/html5-storage-manipulation](https://portswigger.net/web-security/dom-based/html5-storage-manipulation)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Ranjivosti manipulacije HTML5 skladištem** nastaju kada skripta **smešta podatke koje kontrolira napadač u HTML5 skladište web pregledača** (`localStorage` ili `sessionStorage`). Iako ova radnja sama po sebi nije bezbednosna ranjivost, postaje problematična ako aplikacija kasnije **čita smeštene podatke i nebezbedno ih obrađuje**. Ovo bi omogućilo napadaču da iskoristi mehanizam skladištenja za izvođenje drugih napada zasnovanih na DOM-u, kao što su XSS (cross-site scripting) i ubacivanje JavaScript koda.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvori:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
sessionStorage.setItem()
localStorage.setItem()
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### XPath ubrizgavanje
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/client-side-xpath-injection](https://portswigger.net/web-security/dom-based/client-side-xpath-injection)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**DOM-bazirane ranjivosti na XPath ubrizgavanje** se javljaju kada skripta uključuje **podatke koje kontrolira napadač u XPath upitu**.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Curenje:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
document.evaluate()
someDOMElement.evaluate()
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Ubacivanje JSON-a na klijentskoj strani
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/client-side-json-injection](https://portswigger.net/web-security/dom-based/client-side-json-injection)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**DOM bazirane ranjivosti ubacivanja JSON-a** se javljaju kada skripta uključuje **podatke koje kontrolira napadač u string koji se parsira kao JSON struktura podataka, a zatim se obrađuje od strane aplikacije**.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Curenje:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
JSON.parse()
jQuery.parseJSON()
$.parseJSON()
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Manipulacija web porukama
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Sa: [https://portswigger.net/web-security/dom-based/web-message-manipulation](https://portswigger.net/web-security/dom-based/web-message-manipulation)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Ranjivosti web poruka** se javljaju kada skripta šalje podatke koje kontrolira napadač kao web poruku drugom dokumentu unutar pregledača. **Primer** ranjivosti manipulacije web porukama može se pronaći na [PortSwigger-ovoj Akademiji za web bezbednost](https://portswigger.net/web-security/dom-based/controlling-the-web-message-source).
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvori:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Metoda `postMessage()` za slanje web poruka može dovesti do ranjivosti ako slušalac događaja za prijem poruka obrađuje dolazne podatke na nesiguran način.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Manipulacija DOM podacima
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Sa: [https://portswigger.net/web-security/dom-based/dom-data-manipulation](https://portswigger.net/web-security/dom-based/dom-data-manipulation)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**Ranjivosti manipulacije DOM podacima** se javljaju kada skripta upisuje podatke koje kontrolira napadač u polje unutar DOM-a koje se koristi u vidljivom korisničkom interfejsu ili klijentskoj logici. Ova ranjivost može biti iskorišćena od strane napadača da konstruiše URL koji, ako ga poseti drugi korisnik, može promeniti izgled ili ponašanje klijentskog korisničkog interfejsa.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvori:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
scriptElement.src
scriptElement.text
scriptElement.textContent
scriptElement.innerText
someDOMElement.setAttribute()
someDOMElement.search
someDOMElement.text
someDOMElement.textContent
someDOMElement.innerText
someDOMElement.outerText
someDOMElement.value
someDOMElement.name
someDOMElement.target
someDOMElement.method
someDOMElement.type
someDOMElement.backgroundImage
someDOMElement.cssText
someDOMElement.codebase
document.title
document.implementation.createHTMLDocument()
history.pushState()
history.replaceState()
```
Translated to Serbian
2024-02-10 13:11:20 +00:00
### Odbijanje usluge
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvor: [https://portswigger.net/web-security/dom-based/denial-of-service](https://portswigger.net/web-security/dom-based/denial-of-service)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
**DOM-based ranjivosti odbijanja usluge** se javljaju kada skripta nesigurno prosleđuje podatke koje kontrolira napadač do problematičnog API-ja platforme. To uključuje API-je koji, kada se pozovu, mogu dovesti do toga da računar korisnika troši prekomerne količine CPU-a ili prostora na disku. Takve ranjivosti mogu imati značajne sporedne efekte, kao što je ograničavanje funkcionalnosti veb pregledača odbijanjem pokušaja skladištenja podataka u `localStorage` ili prekid zauzetih skripti.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
Izvori:
a
2024-02-06 03:10:27 +00:00
```javascript
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
requestFileSystem()
RegExp()
```
GitBook: [#3603] No subject
2022-10-13 00:56:34 +00:00
## Dom Clobbering
GitBook: [#3111] No subject
2022-04-20 17:00:18 +00:00
GITBOOK-3776: No subject
2023-02-10 15:56:22 +00:00
{% content-ref url="dom-clobbering.md" %}
[dom-clobbering.md](dom-clobbering.md)
{% endcontent-ref %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated to Serbian
2024-02-10 13:11:20 +00:00
<summary><strong>Naučite hakovanje AWS-a od nule do heroja sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Serbian
2024-02-10 13:11:20 +00:00
* Da li radite u **cybersecurity kompaniji**? Želite li da vidite **vašu kompaniju reklamiranu na HackTricks-u**? Ili želite da imate pristup **najnovijoj verziji PEASS-a ili preuzmete HackTricks u PDF formatu**? Proverite [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Otkrijte [**The PEASS Family**](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [**NFT-ova**](https://opensea.io/collection/the-peass-family)
* Nabavite [**zvanični PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Pridružite se** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili me **pratite** na **Twitter-u** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **i** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Reference in a new issue Copy permalink