logo

DOJO Challenge #22 Winners!

ID: 1365524f-455c-55d4-baa6-a77ad225cee5

STIX ID: report--1365524f-455c-55d4-baa6-a77ad225cee5

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
25/100

Date Published: 2023-04-07

Date Updated: 2026-07-04

...
...

This write-up documents a DOM clobbering vulnerability in the 'Butters Adventure v2' challenge where injecting a named element (e.g., <img name="getElementById">) can override the document.getElementById API, causing a JavaScript TypeError and application crash; it provides a PoC payload and recommends mitigations such as input sanitization (DOMPurify/Sanitizer API), Content-Security-Policy, and freezing sensitive DOM objects.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.