What is DOM Based XSS?
For the purposes of this article, I will describe two attack vectors that can be used to turn a reflected XSS into a DOM-based XSS vulnerability, and examine them closely.
This payload combines string concatenation with location.hash in order to supply characters that the filter blocks. It can be used where the characters [, ., ] and + are permitted but other commonly blocked characters such as (, ) and : are strictly prohibited. By indexing into location.hash (location.hash[index]) the payload reads the forbidden characters out of the URL fragment, which the browser never transmits to the server, so they pass through without ever being seen by server-side filtering.
NOTE: The execution point is the place in the page where the user input ends up.
DOM-based XSS can be located with relatively simple techniques, such as the test scripts located here.
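The defensive consequence of the technique above, as an added example that is not part of the original article: the fragment never reaches the server, so a server-side character filter cannot protect a client-side sink that reads location.hash, and the fix has to live in the page's own JavaScript. Function names and the sample URL are constructed for this illustration; the code uses only the WHATWG URL class available in browsers and Node.

```javascript
// Added example, not from the original article. Names and sample data are constructed.

// Reconstruct what a server-side log or filter sees for a navigation URL:
// the path and query are transmitted, the fragment (#...) is stripped by the browser.
function requestTargetSeenByServer(navigationUrl) {
  const u = new URL(navigationUrl);
  return u.pathname + u.search; // no u.hash here, by design
}

// Vulnerable pattern: the fragment is concatenated straight into HTML.
// Any character a server-side filter would have blocked arrives untouched,
// because the server never had a chance to inspect it.
function renderSectionUnsafe(hash) {
  return '<div id="section">' + decodeURIComponent(hash.slice(1)) + '</div>';
}

// Hardened pattern: treat the fragment as an identifier, not as markup.
// Allowlist its expected shape and fall back to a known-good default.
const SECTION_ID = /^[A-Za-z0-9_-]{1,64}$/;
function renderSectionSafe(hash) {
  const raw = hash.startsWith('#') ? hash.slice(1) : hash;
  const section = SECTION_ID.test(raw) ? raw : 'home';
  // The allowlist already excludes markup characters; escaping is defence in depth.
  return '<div id="section">' + escapeHtml(section) + '</div>';
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Constructed sample: markup hidden in the fragment of an otherwise ordinary URL.
const SAMPLE_URL = 'https://example.test/page?q=1#<b>not-a-section</b>';
const SAMPLE_HASH = '#' + SAMPLE_URL.split('#')[1];

console.log('server sees:', requestTargetSeenByServer(SAMPLE_URL)); // /page?q=1
console.log('unsafe sink:', renderSectionUnsafe(SAMPLE_HASH));
console.log('safe sink:  ', renderSectionSafe(SAMPLE_HASH));
```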