# DOM-based vulnerabilities

{% hint style="info" %}
DOM-based vulnerabilities arise when a website's client-side JavaScript passes attacker-controllable data from a source to a sink.
{% endhint %}

{% hint style="info" %}
**A sink** is a potentially dangerous JavaScript function or DOM object that can cause undesirable effects if attacker-controlled data is passed to it. For example, the **`eval()`** function is a sink because it processes the argument that is passed to it as JavaScript. An example of an HTML sink is **`document.body.innerHTML`** because it potentially allows an attacker to inject malicious HTML and execute arbitrary JavaScript.
{% endhint %}

{% hint style="info" %}
**A source** is a JavaScript property that accepts data that is potentially attacker-controlled. An example of a source is the **`location.search`** property because it reads input from the query string, which is relatively simple for an attacker to control.
{% endhint %}

## Common sources:

```
document.URL
document.documentURI
document.URLUnencoded
document.baseURI
location
document.cookie
document.referrer
window.name
history.pushState
history.replaceState
localStorage
sessionStorage
IndexedDB (mozIndexedDB, webkitIndexedDB, msIndexedDB)
Database
```
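
An added example, not part of the original page: a line-based heuristic that flags data flowing from some of the sources listed above into the two sinks named on this page (`eval()` and `innerHTML`). The function name `findFlows`, the `SAMPLE` snippet and the one-line assignment tracking are assumptions made for illustration; it is a code-review aid, not a complete taint analysis.

```javascript
// Added example: heuristic source-to-sink review aid, not a full taint analysis.
// Sources: a subset of the "Common sources" list on this page.
const SOURCES = ['document.URL', 'document.documentURI', 'document.baseURI',
  'document.cookie', 'document.referrer', 'window.name', 'location',
  'localStorage', 'sessionStorage'];
// Sinks: the two named on this page.
const SINKS = [
  { name: 'eval()', re: /\beval\s*\((.*)\)/ },
  { name: 'innerHTML', re: /\.innerHTML\s*\+?=(?!=)\s*(.*)/ },
];

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
// A source counts only as a top-level reference (optionally via window.).
const sourceRe = new RegExp(
  '(?<![\\w$.])(?:window\\.)?(?:' + SOURCES.map(escapeRe).join('|') + ')\\b');

function findFlows(code) {
  const tainted = new Set(); // variables currently holding source-derived data
  const findings = [];
  const isTainted = (expr) => sourceRe.test(expr) || [...tainted].some((v) =>
    new RegExp('(?<![\\w$.])' + escapeRe(v) + '(?![\\w$])').test(expr));
  code.split('\n').forEach((line, i) => {
    for (const sink of SINKS) {
      const m = sink.re.exec(line);
      if (m && isTainted(m[1])) findings.push({ line: i + 1, sink: sink.name });
    }
    // Propagate taint through simple one-line assignments.
    const a = /^\s*(?:(?:const|let|var)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$/.exec(line);
    if (a) {
      if (isTainted(a[2])) tainted.add(a[1]); else tainted.delete(a[1]);
    }
  });
  return findings;
}

// Constructed sample input (not from the original page).
const SAMPLE = [
  "const q = new URLSearchParams(location.search).get('q');",
  "const label = 'Results for ' + q;",
  "out.innerHTML = label;",    // flagged: source-derived data reaches innerHTML
  "out.textContent = label;",  // textContent is not one of the sinks checked
  "eval(window.name);",        // flagged: source passed straight to eval()
  "const fixed = 'static';",
  "banner.innerHTML = fixed;", // constant only, not flagged
].join('\n');

console.log(findFlows(SAMPLE));
```

The scan works one line at a time, so flows through function calls, object properties or multi-line statements are missed, and a source name inside a string literal or comment is over-reported.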


