Overview
DOM Injection may occcur when the web page uses DOM manipulation to update the HTML of the page in response to user input. This is typically done using JavaScript.
Video Tutorials
Discovery Methodology
Locate pages which use DOM manipulation to update the page without returning to the server. This can often be detected when a client proxy such as Burp does NOT intercept a request when a page updates.
Exploitation
Inject the field or event from which the page will be updated and inject HTML or JavaScript into the field or event.
Example
Use Firebug or similar to examine the message that appears when a new item is added to storage. The message appears in a label below the two input fields. Inject XSS into the "key" field. This is output into the message. Craft a XSS to read the DOM storage or perform other action.
Videos
Cross-Site Scripting: Part 1- What is Reflected XSS?Cross-Site Scripting: Part 2 - What is DOM-based XSS?Cross-Site Scripting: Part 3 - What is Persistent XSS?Cross-Site Scripting: Part 4 - How Output Encoding Stops XSSCross-Site Scripting: Part 5 - How to Test Output EncodingWhat is Content Security Policy? - Part 1What is Content Security Policy? - Part 2What is Content Security Policy? - Part 3What is Content Security Policy? - Part 4What is Content Security Policy? - Part 5Content Security Policy: Script Source (script-src)How to Set HTTP Headers Using Apache ServerCheck HTTP Headers with cURLHow to Check HTTP Headers (Command Line)How to Check HTTP Headers from BrowserCookies: Part 1 - How HTTPOnly WorksWhat is the XSS Protection Header?Check for Vulnerable Libraries in Your Web ApplicationHow to Enable Apache Mod-Headers