DO NOT USE alert(1) for XSS
... and use alert(document.domain) or alert(window.origin) instead.
Blog post: https://liveoverflow.com/do-not-use-alert-1-in-xss/
Sponsored by Google for their Bug Hunter University: https://bughunters.google.com/learn/invalid-reports/web-platform/xss/5108550411747328
00:00 - Intro
00:47 - Why Do We Use Alert(1) for XSS?
02:25 - alert(1) Popup is NOT Proof of a Vulnerability!
03:07 - Invalid XSS Example 1 on Blogger
04:43 - Sandbox Subdomains
06:27 - Sandboxed iframes
08:29 - Invalid XSS Example 2 on Google Sites
09:50 - Why Should You Care About Invalid XSS Issues?
10:55 - Summary
11:55 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Video "DO NOT USE alert(1) for XSS" from the LiveOverflow channel