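@comment{
  BenKleBarJoh+21: EuroSec '21 paper on DOM-based XSS exploit generation via
  dynamic data-flow (taint) tracking; the figures in the abstract are the
  authors' own reported numbers. Cleaned from the ACM export: page range uses
  "--" instead of a Unicode en dash, the acronyms DOM and XSS are brace-protected
  against sentence-casing styles, and the literal "%" in the abstract is escaped
  so it is not read as a LaTeX comment if a style prints the abstract.
}

@inproceedings{BenKleBarJoh+21,
  author    = {Bensalim, Souphiane and Klein, David and Barber, Thomas and Johns, Martin},
  title     = {Talking About My Generation: Targeted {DOM}-Based {XSS} Exploit Generation Using Dynamic Data Flow Analysis},
  booktitle = {Proceedings of the 14th European Workshop on Systems Security},
  series    = {EuroSec '21},
  year      = {2021},
  pages     = {27--33},
  numpages  = {7},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Online, United Kingdom},
  isbn      = {9781450383370},
  doi       = {10.1145/3447852.3458718},
  url       = {https://doi.org/10.1145/3447852.3458718},
  keywords  = {DOM-based XSS, Web Security, Taint Tracking, Exploit Generation},
  abstract  = {Since the invention of JavaScript 25 years ago, website functionality has been continuously shifting from the server-side to the client-side. Web browsers have evolved into an application platform, and HTML5 emerged as a first-class environment for building rich cross-platform applications. This additional functionality on the client-side comes with the added risk of new security issues with increasingly severe consequences. In this work, we investigate the prevalence of DOM-based Cross-Site Scripting (DOM-based XSS) in the top 100,000 most popular websites using a novel targeted exploit generation technique based on dynamic data-flow tracking. In total, this work finds 15,710 potentially insecure dataflows where information from the URL is injected into the HTML of the Web page. Using large-scale exploit generation and validation services, 7199 of these flows lead to JavaScript execution, across 711 different domains. This represents a successful exploit rate of 45.82\%, improving on previous methods by factors of 1.8 and 1.9 respectively.},
}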