Question

Q:5. Which of the following is true for DOM-based XSS attack ?
1.Set the HttpOnly flag in cookies
2.Ensure that session IDs are not exposed in a URL
3.payload can not be found in response
4.None of the above
right reason also

Answer 1

Answer:

2

Explanation:

An attacker may use several DOM objects to create a Cross-site Scripting attack. The most popular objects from this perspective are document.url, document.location, and document.referrer. Potential consequences of DOM-based XSS vulnerabilities are classified in the OWASP Top 10 2017 document as moderate