AutoDetection & Exploitation of DOM Clobbering Vuln at Scale
Zhengyu Liu, Jianjia Yu
DEF CON 33 · Day 1 · Main Stage
DOM Clobbering is a class of web vulnerability that has existed since browser developers decided that HTML elements with `id` or `name` attributes should be accessible as properties on the global `win
AI review
Liu and Yu built Hulk, the first end-to-end dynamic taint analysis tool for DOM Clobbering, and ran it against the Tranco Top 5,000 to find 497 zero-day exploitable gadgets — including Webpack, Google Client API, and Astro — generating 19 CVEs and 12 complete exploit chains including XSS in Jupyter Notebook, JupyterLab, HackMD.io, and Canvas LMS.
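A defender-side check for the browser behaviour summarised above, added here as an example and not code from the talk or from the Hulk tool: it flags untrusted markup whose `id` or `name` attributes would shadow globals an application reads from `window`, and guards such a read with a type check. The sensitive global names, the sample markup and the function names are assumptions for illustration.

```javascript
// Added example, not code from the talk or from the Hulk tool.
// Per the HTML spec, every element `id` becomes a named property of `window`;
// a `name` attribute does so only on <embed>, <form>, <img>, <object> and,
// via its child window, <iframe>.
const NAME_CLOBBERING_TAGS = new Set(['embed', 'form', 'img', 'object', 'iframe']);

// Assumed list of globals the application reads from `window` (e.g. a loader
// reading `window.config` or `window.baseUrl`); tailor it to the real code base.
const SENSITIVE_GLOBALS = ['config', 'baseUrl', 'publicPath'];

// Small regex-based start-tag scanner: a review aid for plain HTML text,
// not a replacement for a real parser or sanitizer.
const TAG_RE = /<([a-zA-Z][\w-]*)\b([^>]*)>/g;
const ATTR_RE = /([^\s=\/"']+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Return every id/name attribute in `html` that would shadow one of `globals`.
function findClobberingAttributes(html, globals) {
  const sensitive = new Set(globals);
  const hits = [];
  for (const tagMatch of html.matchAll(TAG_RE)) {
    const tag = tagMatch[1].toLowerCase();
    for (const attrMatch of tagMatch[2].matchAll(ATTR_RE)) {
      const attr = attrMatch[1].toLowerCase();
      const value = attrMatch[2] ?? attrMatch[3] ?? attrMatch[4];
      const clobbers = attr === 'id' || (attr === 'name' && NAME_CLOBBERING_TAGS.has(tag));
      if (clobbers && sensitive.has(value)) hits.push({ tag, attr, value });
    }
  }
  return hits;
}

// Runtime guard: accept a global only when it has the expected primitive type.
// A clobbered property is an Element (or an HTMLCollection), never a string.
function readTrustedGlobal(win, key, expectedType) {
  const value = win[key];
  return typeof value === expectedType ? value : undefined;
}

// Constructed sample of user-supplied markup (e.g. a rendered comment).
const SAMPLE_HTML = `
<img name="config" src="x">
<a id="baseUrl" href="#">link</a>
<div name="config">name on a div does not clobber window</div>
<form id="sub"></form>
`;

console.log(findClobberingAttributes(SAMPLE_HTML, SENSITIVE_GLOBALS));
// Simulated clobbered window: `config` resolves to an element-like object.
console.log(readTrustedGlobal({ config: { tagName: 'IMG' } }, 'config', 'string'));
```

The `<div name="config">` line is deliberately not flagged: `name` on a `div` does not create a window property, so only `id`, and `name` on the listed elements, are reported.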