Advanced Attacks | Medium Severity

DOM Clobbering Scanner

Tests for DOM clobbering attacks affecting JavaScript execution.

What is DOM Clobbering?

DOM Clobbering is an attack where HTML elements with id or name attributes can override JavaScript variables and properties of the document and window objects. Attackers inject HTML that creates elements which shadow expected JavaScript values, leading to code execution or security bypass.

Why is This Important?

DOM clobbering can bypass sanitizers that only focus on JavaScript, achieve XSS through seemingly harmless HTML, and break security logic that relies on undefined/null checks. It's particularly dangerous in environments that allow HTML but block JavaScript.

How It Works

1. Attack Surface Mapping

Identifies complex attack vectors including race conditions, desync points, and logic flaws in your application.

2. Advanced Exploitation

Executes sophisticated attack techniques that bypass traditional security controls and detection mechanisms.

3. Impact Assessment

Demonstrates real-world impact with detailed exploitation chains and business risk analysis.

Key Capabilities

Expert-level security testing for sophisticated vulnerabilities that evade traditional scanning tools.

  • Race condition and timing attack detection
  • Request smuggling and desync analysis
  • Business logic flaw identification
  • Chained exploit development
  • Protocol-level vulnerability testing

Frequently Asked Questions

How does DOM clobbering work?

An element such as <img id='x'> creates window.x and document.x, both pointing to that element. If JavaScript runs 'if (x) { use(x) }' expecting x to be undefined, the element is truthy and might be used unsafely. Attackers craft elements whose id or name matches the variable names a script reads, hijacking code flow.

What properties can be clobbered?

Clobberable: window properties via id, document properties via name, nested properties using forms with inputs (form.inputname), attributes becoming accessible (img.src → window.x.src), and chained clobbering using collection behavior.

What attacks are possible with DOM clobbering?

Attacks: hijacking URL properties to redirect/inject, overwriting security configuration, bypassing feature detection, triggering errors in expected code paths, and when combined with other vulnerabilities, achieving XSS through manipulation of trusted values.

How do I prevent DOM clobbering?

Prevention: use strict content security policies, validate that expected objects aren't DOM elements (check constructor), prefix internal variables to avoid collisions, use Object.hasOwnProperty instead of 'in' checks, sanitize HTML to remove suspicious id/name attributes, and use shadow DOM for isolation.
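
The truthiness check from the FAQ next to a hardened lookup that applies the own-property and "not a DOM element" checks listed above. This is an added example, not code from the scanner. The browser is simulated with plain objects so it runs in Node, and makeFakeWindow, isDomNode, readGlobal, appConfig and the URLs are assumptions made for illustration.

```javascript
// Added example. A browser is simulated with plain objects so it runs in Node;
// makeFakeWindow, readGlobal, isDomNode and appConfig are hypothetical names.

// Constructed stand-in for <img id="appConfig" src="...">.
const fakeImg = {
  src: 'https://untrusted.example/x.js',
  [Symbol.toStringTag]: 'HTMLImageElement',
};

// window exposes id-named elements through its prototype chain, not as own
// properties; globals declared by scripts are own properties.
function makeFakeWindow(namedElements, ownGlobals) {
  return Object.assign(Object.create(namedElements), ownGlobals);
}

function isDomNode(value) {
  if (value === null || typeof value !== 'object') return false;
  // In a real browser these interface checks do the work.
  if (typeof Node !== 'undefined' && value instanceof Node) return true;
  if (typeof HTMLCollection !== 'undefined' && value instanceof HTMLCollection) return true;
  // Fallback on the class tag, which also covers the simulated element.
  const tag = Object.prototype.toString.call(value);
  return /^\[object (HTML|SVG)\w*(Element|Collection)\]$/.test(tag);
}

// Return scope[name] only if it is an own property, is not a DOM object,
// and passes the caller's validator; otherwise undefined.
function readGlobal(scope, name, validate) {
  if (!Object.prototype.hasOwnProperty.call(scope, name)) return undefined;
  const value = scope[name];
  if (isDomNode(value)) return undefined;
  return validate(value) ? value : undefined;
}

const DEFAULT_URL = '/static/app.js';
// Accept only a same-origin path, not a protocol-relative URL.
const isConfig = (v) =>
  v !== null && typeof v === 'object' && typeof v.src === 'string' && /^\/[^/\\]/.test(v.src);

// The `if (x) { use(x) }` pattern: any truthy value is trusted.
function loaderUrlUnsafe(scope) {
  return scope.appConfig ? scope.appConfig.src : DEFAULT_URL;
}

// Hardened version: clobbered or malformed values fall back to the default.
function loaderUrlSafe(scope) {
  const cfg = readGlobal(scope, 'appConfig', isConfig);
  return cfg ? cfg.src : DEFAULT_URL;
}
```

The own-property check relies on how window exposes named elements. Values read from document need the DOM-object check, which is why readGlobal applies both.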
