00 — Overview
DOM Clobbering
Named HTML elements automatically become properties of the window object in browsers. Learn how attackers exploit this to overwrite JavaScript configuration, bypass security checks, and chain two-level clobbering to reach nested properties.
Intermediate · 35 min · 6 tasks
// By the end of this module
→ Explain how named HTML elements become global window properties
→ Clobber a single-level window property using an id attribute
→ Chain two anchor elements to overwrite a two-level property like window.app.settings
→ Bypass security checks that rely on JavaScript configuration objects
// Prerequisites
Complete these before starting this module for the best experience.