The payload cannot be found in the response. This is possible when the web application's client-side scripts write user-provided data to the Document Object Model (DOM).
This means that an attacker could perform stored XSS or stored DOM XSS, in which they either simply execute code on the client or execute code that modifies the page layout itself via the DOM.
DOM vs. reflected XSS. Learn more about DOM-based XSS and reflected XSS. A user entered a payload of some sort into a field and an alert box popped up. Hence DOM-based XSS is more favourable to attackers than reflected XSS, the difference being the complexity of pulling off the attack.
In DOM XSS, DOM refers to the Document Object Model. For more advanced viewers: in this series I'm going to do some explaining on different exploits and attacks.
Given that both server XSS and client XSS can be stored or reflected, this new terminology results in a simple, clean 2 x 2 matrix with client/server XSS on one axis and stored/reflected XSS on the other axis, as depicted in Dave Wichers' DOM-based XSS talk [2]. DOM-based XSS is simply a subset of client XSS where the source of the data is somewhere in the DOM rather than from the server. The main difference between DOM-based XSS and reflected XSS is that DOM-based XSS is a type of XSS that processes data from an untrusted source by writing that data to a potentially dangerous sink within the DOM.
A common misconception is that DOM is another form of XSS, when in fact it is a modifier to stored and reflected XSS. Therefore DOM-based XSS is more severe than reflected XSS but less severe than persistent XSS. These attacks are often made using social networks.
DOM-based XSS simply means a cross-site scripting vulnerability that appears in the DOM (Document Object Model) instead of in part of the HTML. In reflected and stored cross-site scripting attacks you can see the vulnerability payload in the response page, but in DOM-based cross-site scripting the HTML source code and the response of the attack will be exactly the same, i.e. It is relatively similar to reflected XSS, but the difference is that, in modifying the DOM, the data might never get to the server, which changes how it can and should be mitigated, as server-side filters might not be effective.
But reflected XSS is a type of XSS that occurs when an application obtains data in an HTTP request and includes that data within the immediate response in an unsafe way. However, there is a slight difference.