DOJO Challenge #22 Winners!
ID: 1365524f-455c-55d4-baa6-a77ad225cee5
STIX ID: report--1365524f-455c-55d4-baa6-a77ad225cee5
Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed
This write-up documents a DOM clobbering vulnerability in the 'Butters Adventure v2' challenge where injecting a named element (e.g., <img name="getElementById">) can override the document.getElementById API, causing a JavaScript TypeError and application crash; it provides a PoC payload and recommends mitigations such as input sanitization (DOMPurify/Sanitizer API), Content-Security-Policy, and freezing sensitive DOM objects.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
