DO NOT USE alert(1) for XSS
... and use alert(document.domain) or alert(window.origin) instead.
Blog post: https://liveoverflow.com/do-not-use-alert-1-in-xss/
Sponsored by Google for their Bug Hunter University: https://bughunters.google.com/learn/invalid-reports/web-platform/xss/5108550411747328
00:00 - Intro
00:47 - Why Do We Use Alert(1) for XSS?
02:25 - alert(1) Popup is NOT Proof of a Vulnerability!
03:07 - Invalid XSS Example 1 on Blogger
04:43 - Sandbox Subdomains
06:27 - Sandboxed iframes
08:29 - Invalid XSS Example 2 on Google Sites
09:50 - Why Should You Care About Invalid XSS Issues?
10:55 - Summary
11:55 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео DO NOT USE alert(1) for XSS канала LiveOverflow
Blog post: https://liveoverflow.com/do-not-use-alert-1-in-xss/
Sponsored by Google for their Bug Hunter University: https://bughunters.google.com/learn/invalid-reports/web-platform/xss/5108550411747328
00:00 - Intro
00:47 - Why Do We Use Alert(1) for XSS?
02:25 - alert(1) Popup is NOT Proof of a Vulnerability!
03:07 - Invalid XSS Example 1 on Blogger
04:43 - Sandbox Subdomains
06:27 - Sandboxed iframes
08:29 - Invalid XSS Example 2 on Google Sites
09:50 - Why Should You Care About Invalid XSS Issues?
10:55 - Summary
11:55 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео DO NOT USE alert(1) for XSS канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
riscure embedded hardware CTF is over - loopback 0x03
Live Hacking - Internetwache CTF 2016 - web50, web60, web80
LiveOverflow Channel Trailer
format2 on a modern Ubuntu - bin 0x26
Deepdive Containers - Kernel Sources and nsenter
What is a Protocol? (Deepdive)
Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
TCP Protocol introduction - bin 0x1A
XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
File Path Race Condition & How To Prevent It - bin 0x31
VPNs, Proxies and Secure Tunnels Explained (Deepdive)
Exploit Fails? Debug Your Shellcode - bin 0x2B
New to Linux? Need Help Understanding Shell Commands?
HACKERSPACES ARE AWESOME!
Fuzzing Browsers for weird XSS Vectors
Understanding C Pointer Magic Arithmetic | Ep. 07
Solving Pwnable CTF Challenge With Docker Workflow
The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption
The HTTP Protocol: GET /test.html - web 0x01
What is a Browser Security Sandbox?! (Learn to Hack Firefox)