{"id":32,"date":"2014-04-25T08:42:16","date_gmt":"2014-04-25T03:42:16","guid":{"rendered":"http:\/\/www.chmosama.com\/blog\/?p=32"},"modified":"2017-12-24T15:16:46","modified_gmt":"2017-12-24T10:16:46","slug":"dom-cross-site-scripting-xss-found-in-lookout","status":"publish","type":"post","link":"https:\/\/www.chmosama.com\/blog\/dom-cross-site-scripting-xss-found-in-lookout\/","title":{"rendered":"DOM-Cross Site Scripting (XSS) Found in Lookout"},"content":{"rendered":"

Ch. Muhammad Osama, an independent vulnerability researcher has discovered a DOM Cross-Site Scripting (XSS) vulnerability in Lookout\u00a0website www.lookout.com, which can be exploited by an attacker to conduct XSS attacks.<\/p>\n

DOM Cross-Site Scripting\u00a0:-<\/strong><\/p>\n

DOM Based XSS (or as it is called in some texts, \u201ctype-0 XSS\u201d) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM \u201cenvironment\u201d in the victim\u2019s browser used by the original client side script, so that the client side code runs in an \u201cunexpected\u201d manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.<\/p>\n

This is in contrast to other XSS attacks (stored or reflected), wherein the attack payload is placed in the response page (due to a server side flaw).<\/p>\n

Proof of Concept :-<\/strong><\/p>\n

URL :-\u00a0POC Link Here<\/a><\/p>\n

\"lookout-poc-aurora\"<\/p>\n

\"lookout-poc-opera\"\"lookout-poc-opera\"<\/p>\n

Video Explanation :-<\/p>\n