Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Learn about DOM Clobbering vulnerabilities and their automated detection through this 38-minute conference talk from DEF CON 33. Discover how DOM Clobbering exploits naming collisions between DOM elements and JavaScript variables to achieve malicious outcomes like Cross-site Scripting attacks. Explore a comprehensive four-stage systematization of DOM Clobbering exploitation that combines existing techniques with newly introduced clobbering primitives. Examine Hulk, the first dynamic analysis tool capable of automatically detecting DOM Clobbering gadgets and generating complete working exploits end-to-end. Review alarming research findings that uncovered 497 zero-day DOM Clobbering gadgets across the Tranco Top 5,000 websites, affecting major client-side libraries including Google Client API, Webpack, Vite, Rollup, and Astro. Understand the systematic analysis of HTML Injection vulnerabilities that revealed over 200 vulnerable websites and enabled complete attack chains in popular applications such as Jupyter Notebook/JupyterLab, HackMD.io, and Canvas LMS. Gain insights into research that has resulted in 19 CVE identifiers being assigned and prompted security patches from affected vendors.
