Загрузка...
Все видеоНовые видеоПопулярные видео

PortSwigger XSS Lab: Reflected DOM XSS

En este video, exploramos una vulnerabilidad de tipo Reflected DOM y analizamos cómo estas fallas pueden comprometer la seguridad de una aplicación web. Las vulnerabilidades reflejadas en el DOM ocurren cuando una aplicación del lado del servidor procesa datos provenientes de una solicitud y los devuelve en la respuesta, permitiendo que un script en la página maneje esos datos de forma insegura.

Durante la demostración, mostramos cómo es posible aprovechar el uso indebido del método eval en combinación con el control sobre el parámetro location.search. Este parámetro nos permite manipular la respuesta del servidor, específicamente el contenido de this.responseText, que es tratado como una cadena de texto similar a un objeto JSON. Al inyectar un script malicioso que invoca la función alert(), evidenciamos el riesgo que representa procesar datos reflejados sin validación adecuada.

Видео PortSwigger XSS Lab: Reflected DOM XSS канала mexploit
Комментарии отсутствуют
Информация о видео
24 ноября 2024 г. 7:05:07
00:10:52
mexploit
Правообладателям
Жалоба на материал Недопустимый материал Нарушение авторских прав
Комментарии
Поделиться
Другие видео канала
Reflected XSS in a JavaScript URL with some characters blockedReflected XSS in a JavaScript URL with some characters blockedPortSwigger XSS Lab: Reflected XSS into a JavaScript string with angle brackets HTML encodedPortSwigger XSS Lab: Reflected XSS into a JavaScript string with angle brackets HTML encodedPortSwigger XSS Lab: Stored XSS into anchor href attribute with double quotes HTML-encodedPortSwigger XSS Lab: Stored XSS into anchor href attribute with double quotes HTML-encodedPortSwigger XSS Lab: DOM XSS in document.write sink using source location.searchPortSwigger XSS Lab: DOM XSS in document.write sink using source location.searchReflected XSS with event handlers and href attributes blockedReflected XSS with event handlers and href attributes blockedPortSwigger XSS Lab: Reflected XSS in canonical link tagPortSwigger XSS Lab: Reflected XSS in canonical link tagEscaneo de puertos y servicios expuestos en un dispositivo (portscan)Escaneo de puertos y servicios expuestos en un dispositivo (portscan)PortSwigger XSS Lab: DOM XSS in jQuery anchor href attribute sink using location.search sourcePortSwigger XSS Lab: DOM XSS in jQuery anchor href attribute sink using location.search sourcePortSwigger Lab: Exploiting cross-site scripting to capture passwords (sin Burp Collaborator)PortSwigger Lab: Exploiting cross-site scripting to capture passwords (sin Burp Collaborator)XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes...XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes...XSS Lab: DOM XSS in document.write sink using source location.search inside a select elementXSS Lab: DOM XSS in document.write sink using source location.search inside a select elementPortSwigger XSS Lab: Reflected XSS into attribute with angle brackets HTML-encodedPortSwigger XSS Lab: Reflected XSS into attribute with angle brackets HTML-encodedPortSwigger XSS Lab: DOM XSS in innerHTML sink using source location.searchPortSwigger XSS Lab: DOM XSS in innerHTML sink using source location.searchLab: Exploiting cross-site scripting to steal cookies (sin Burp Collaborator)Lab: Exploiting cross-site scripting to steal cookies (sin Burp Collaborator)Reflected XSS protected by CSP, with CSP bypassReflected XSS protected by CSP, with CSP bypassDescubrimiento de Hosts (Host discovery) | ¿cómo descubrir dispositivos en la red?Descubrimiento de Hosts (Host discovery) | ¿cómo descubrir dispositivos en la red?PortSwigger XSS Lab: Reflected XSS into HTML context with all tags blocked except custom onesPortSwigger XSS Lab: Reflected XSS into HTML context with all tags blocked except custom onesPortSwigger XSS Lab: Stored DOM XSSPortSwigger XSS Lab: Stored DOM XSSExploiting XSS to bypass CSRF defensesExploiting XSS to bypass CSRF defensesLab: Stored XSS into onclick event with angle brackets and double quotes HTML-encoded ...Lab: Stored XSS into onclick event with angle brackets and double quotes HTML-encoded ...Reflected XSS protected by very strict CSP, with dangling markup attackReflected XSS protected by very strict CSP, with dangling markup attack
Статистика портала
Яндекс.Метрика
© 2008-2025 «Информационно-развлекательный портал города Верхняя Салда»
| Карта портала | Реклама | Контакты | Сообщить об ошибке | Соглашения Пользовательское соглашение Соглашение о конфиденциальности Согласие на обработку персональных данных Информация для правообладателей
salda.ws@mail.ru
Сейчас на сайте: 190 Статистика портала
Страницу в закладки Мои закладки
Все заметки Новая заметка Страницу в заметки