JSChecklist

The document provides a checklist of DOM-based vulnerabilities in JavaScript including DOM-based DOS, client-side SQL injection, open redirection, link manipulation, cookie manipulation, JavaScript injection, local file-path manipulation, and Ajax request-header manipulation.

Uploaded by

setyahangga3

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

36 views2 pages

JSChecklist

Uploaded by

setyahangga3

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 2

JS Checklist

This is a small JS checklist that helped me score a few bounties with DOM-based
vulnerabilities.
If this helped you, know that there’s a way to automate this using
Nova Security Scanner.

DOM-based DOS can be induced if user-input lands in requestFileSystem() or

RegExp()

Client-side SQLi can exist if user-input lands in executeSql() (database is created

via the var db = openDatabase() function, and later called via db.transaction(function(tx)
{tx.executeSql("...")}) )

DOM-based open redirection can exist if user-input lands into one of the following
sinks:
location
location.host
location.hostname
location.href
location.pathname
location.search
location.protocol
location.assign()
location.replace()
open()
element.srcdoc
XMLHttpRequest.open()
XMLHttpRequest.send()
jQuery.ajax()
$.ajax()

DOM-based link manipulation can be caused by one of the following sinks:

element.href
element.src
element.action

JS Checklist 1
DOM-based cookie manipulation can exist if arbitrary user-input gets injected
inside the document.cookie sink

DOM-based javascript injection can be caused if arbitrary user-input ends in one

of the following sinks:
eval()
Function()
setTimeout()
setInterval()
setImmediate()
execCommand()
execScript()
msSetImmediate()
range.createContextualFragment()
crypto.generateCRMFRequest()

DOM-based local file-path manipulation can be induced by one of the following

sinks:
FileReader.readAsArrayBuffer()
FileReader.readAsBinaryString()
FileReader.readAsDataURL()
FileReader.readAsText()
FileReader.readAsFile()
FileReader.root.getFile()

DOM-based Ajax request-header manipulation can be caused by one of the

following sinks:
XMLHttpRequest.setRequestHeader()
XMLHttpRequest.open()
XMLHttpRequest.send()
jQuery.globalEval()
$.globalEval()

Follow @0xblackbird on Twitter for more like this!

JS Checklist 2

DOM-Based Vulnerabilities Complete Guide Theory Video Slides
No ratings yet
DOM-Based Vulnerabilities Complete Guide Theory Video Slides
68 pages
Nodejs Security Handbook
No ratings yet
Nodejs Security Handbook
28 pages
Bug Hunting for Security Experts
No ratings yet
Bug Hunting for Security Experts
64 pages
Pentest Qna 68
No ratings yet
Pentest Qna 68
12 pages
Comprehensive Vulnerability Checklist
No ratings yet
Comprehensive Vulnerability Checklist
4 pages
JavaScript File Analysis Guide
No ratings yet
JavaScript File Analysis Guide
7 pages
Document2 1
No ratings yet
Document2 1
27 pages
Applications of Javascript Frameworks & Protect Web Page Css
No ratings yet
Applications of Javascript Frameworks & Protect Web Page Css
7 pages
?A Security Guide For JavaScript Dev
No ratings yet
?A Security Guide For JavaScript Dev
12 pages
CODE 6-2021 Amended
No ratings yet
CODE 6-2021 Amended
76 pages
DOM XSS Risks & Mitigation
No ratings yet
DOM XSS Risks & Mitigation
3 pages
Security
No ratings yet
Security
52 pages
Cross-Site Scripting (XSS) : Offense
No ratings yet
Cross-Site Scripting (XSS) : Offense
24 pages
UI Redressing: Attacks and Countermeasures Revisited: Marcus Niemietz Marcus - Niemietz@rub - de
No ratings yet
UI Redressing: Attacks and Countermeasures Revisited: Marcus Niemietz Marcus - Niemietz@rub - de
45 pages
Top Hackers Methodology and Tools
No ratings yet
Top Hackers Methodology and Tools
26 pages
Bug Bounty Exploit Guide
No ratings yet
Bug Bounty Exploit Guide
2 pages
SEO Guide: Dorking & .js File Analysis
No ratings yet
SEO Guide: Dorking & .js File Analysis
9 pages
Top 100 Bugs Step To Step Handbook
No ratings yet
Top 100 Bugs Step To Step Handbook
37 pages
DOM XSS Guide for Web Developers
No ratings yet
DOM XSS Guide for Web Developers
3 pages
25k Xss Vulnerabilities Overview
No ratings yet
25k Xss Vulnerabilities Overview
12 pages
An Empirical Study of Privacy-Violating Information Flows in Javascript Web Applications
No ratings yet
An Empirical Study of Privacy-Violating Information Flows in Javascript Web Applications
14 pages
Web Browser Security
No ratings yet
Web Browser Security
70 pages
Practical Skills
No ratings yet
Practical Skills
7 pages
400+ Javascript Interview Questions
100% (1)
400+ Javascript Interview Questions
176 pages
Bug Bounty Bootcamp
No ratings yet
Bug Bounty Bootcamp
2 pages
Full 7 Month Coding AI Cybersecurity Checklist
No ratings yet
Full 7 Month Coding AI Cybersecurity Checklist
3 pages
The Bug Hunters Methodology
No ratings yet
The Bug Hunters Methodology
79 pages
Top 10 Most Common Java Vulnerabilities
No ratings yet
Top 10 Most Common Java Vulnerabilities
3 pages
Security Bugs Ebookggggfffg
No ratings yet
Security Bugs Ebookggggfffg
12 pages
Chapter Five - Browsers Beyond
No ratings yet
Chapter Five - Browsers Beyond
116 pages
Unraveling Some Mysteries Around DOM-based XSS
No ratings yet
Unraveling Some Mysteries Around DOM-based XSS
42 pages
Bug Bounty Playbook V2 PDF
80% (10)
Bug Bounty Playbook V2 PDF
250 pages
Security Checklist For Developers
No ratings yet
Security Checklist For Developers
4 pages
Exploitingunknownbrowsers
No ratings yet
Exploitingunknownbrowsers
42 pages
Week 4.1 What Are We Covering This Week? 4.1 - DOM, Dynamic Frontends, Connecting FE To BE 4.2 - Chrome Developer Tools, Why Frontend Frameworks
No ratings yet
Week 4.1 What Are We Covering This Week? 4.1 - DOM, Dynamic Frontends, Connecting FE To BE 4.2 - Chrome Developer Tools, Why Frontend Frameworks
25 pages
Node Js Secure Coding Mitigate
No ratings yet
Node Js Secure Coding Mitigate
131 pages
How I Would Hack You and Attack You
No ratings yet
How I Would Hack You and Attack You
4 pages
Adobe AEM Security Exploits
No ratings yet
Adobe AEM Security Exploits
23 pages
Dom Xss Tips and Tricks
No ratings yet
Dom Xss Tips and Tricks
5 pages
Js Security Slide Deck
No ratings yet
Js Security Slide Deck
1 page
JavaScript For Hackers
50% (2)
JavaScript For Hackers
51 pages
IT Security Audit Essentials
No ratings yet
IT Security Audit Essentials
4 pages
Memorytarget
No ratings yet
Memorytarget
6 pages
Javascript and CSS
No ratings yet
Javascript and CSS
39 pages
Snyk Top 10: Code Vulnerabilities in 2022
No ratings yet
Snyk Top 10: Code Vulnerabilities in 2022
6 pages
Javascript Sem6 Bca
No ratings yet
Javascript Sem6 Bca
52 pages
Sreegar Prasad Ravi Tryhackme Junior Pentest
No ratings yet
Sreegar Prasad Ravi Tryhackme Junior Pentest
8 pages
Android Penetration Testing Checklist
No ratings yet
Android Penetration Testing Checklist
13 pages
Unraveling Some of The Mysteries Around DOM-based XSS
100% (1)
Unraveling Some of The Mysteries Around DOM-based XSS
36 pages
Web Vulnerabilities Guide
No ratings yet
Web Vulnerabilities Guide
35 pages
Getting Started With Javascriptnetje PDF
No ratings yet
Getting Started With Javascriptnetje PDF
2 pages
Windows Privilege Escalation
No ratings yet
Windows Privilege Escalation
53 pages
My Darkest Desires Telegram OS
No ratings yet
My Darkest Desires Telegram OS
13 pages
Hacking LLM
100% (1)
Hacking LLM
33 pages
JWT Hacking
No ratings yet
JWT Hacking
8 pages
Pwning The Domain DACL Abuse EBook
No ratings yet
Pwning The Domain DACL Abuse EBook
20 pages
Some More Examples GivenText 9 1 2023
No ratings yet
Some More Examples GivenText 9 1 2023
15 pages
HTTP Request Smuggling Guide
No ratings yet
HTTP Request Smuggling Guide
18 pages
?admin Panel Bypass Checklist?
100% (2)
?admin Panel Bypass Checklist?
3 pages
XML External Entity XXE Attack 1704716540
No ratings yet
XML External Entity XXE Attack 1704716540
19 pages
IDOR
No ratings yet
IDOR
3 pages
The Top Hacker Methodologies & Tools Notes
No ratings yet
The Top Hacker Methodologies & Tools Notes
23 pages
Cross Site Scripting XSS Regex Bypass 1704538523
No ratings yet
Cross Site Scripting XSS Regex Bypass 1704538523
5 pages
?jira Vulnerability Checklist?
No ratings yet
?jira Vulnerability Checklist?
5 pages
Information Disclosure Vulnerability
No ratings yet
Information Disclosure Vulnerability
8 pages
RCE Vulnerability Checklist Guide
No ratings yet
RCE Vulnerability Checklist Guide
2 pages
SSRF Guide for Security Experts
No ratings yet
SSRF Guide for Security Experts
6 pages
Long Password DOS Attack
100% (1)
Long Password DOS Attack
6 pages
Public Information Gathering
100% (1)
Public Information Gathering
23 pages
Top Business Logic Reports
No ratings yet
Top Business Logic Reports
8 pages
CORS Misconfiguration
No ratings yet
CORS Misconfiguration
14 pages
Reconnaissance - Phase-2
No ratings yet
Reconnaissance - Phase-2
9 pages
Pen Testing Tools Cheat Sheet
No ratings yet
Pen Testing Tools Cheat Sheet
39 pages
NTLM Abuse Methods
No ratings yet
NTLM Abuse Methods
22 pages
GitHub Dorking: Sensitive Data List
No ratings yet
GitHub Dorking: Sensitive Data List
42 pages
Web Logic Vulnerability
No ratings yet
Web Logic Vulnerability
57 pages
CrackMapExec and NetExec Cheat Sheet
No ratings yet
CrackMapExec and NetExec Cheat Sheet
10 pages
Top XSS Reports from HackerOne
No ratings yet
Top XSS Reports from HackerOne
91 pages
Abusing HTTP Hop-By-Hop Request Headers
No ratings yet
Abusing HTTP Hop-By-Hop Request Headers
4 pages

JSChecklist

Uploaded by

JSChecklist

Uploaded by

JS Checklist

DOM-based DOS can be induced if user-input lands in requestFileSystem() or

Client-side SQLi can exist if user-input lands in executeSql() (database is created

DOM-based link manipulation can be caused by one of the following sinks:

DOM-based javascript injection can be caused if arbitrary user-input ends in one

DOM-based local file-path manipulation can be induced by one of the following

DOM-based Ajax request-header manipulation can be caused by one of the

Follow @0xblackbird on Twitter for more like this!

You might also like