The Three JavaScript Hacking Legends
In this video we talk about the first JavaScript vulnerabilities in 1997, and how the field was dominated by three "XSS" legends.
Bugtraq 1997 - LoVerso: https://seclists.org/bugtraq/1997/Jun/88
LoVerso Website: https://web.archive.org/web/19970607122219/http://www.osf.org/~loverso/javascript/
LoVerso dir.html PoC: https://web.archive.org/web/19970607185809/http://www.osf.org/~loverso/javascript/dir.html
Tasty Bits from the Technology Front: https://web.archive.org/web/19970803213858/http://www.tbtf.com/archive/02-27-96.html
TBTF about Netscae 2.0b3: https://web.archive.org/web/19970803220511/http://www.tbtf.com/archive/12-02-95.html
Scott Weston on TBTF: https://web.archive.org/web/19970803220702/http://www.tbtf.com/resource/b2-privacy-bug.html
Bugtraq about Bug Bounty 1995: https://seclists.org/bugtraq/1995/Oct/12
Episode 01: https://www.youtube.com/watch?v=bSJm8-zJTzQ
Episode 03: https://www.youtube.com/watch?v=gVblb-QhZa4
Episode 02:
00:00 - Intro
00:45 - First JavaScript Vulnerability
02:00 - John Robert LoVerso
03:19 - First Directory Browse Vulnerability
04:16 - Comparison to My Exploit
05:13 - John Tennyson
05:44 - Tasty Bits from the Technology
06:16 - Netscape's Bug Bounty
06:48 - Scott Weston history stealing
08:12 - The Three Legends of JavaScript Security
08:59 - The Year 1996
09:31 - JavaScript can't claim to be secure
10:25 - ECMAScript: JavaScript Specification
11:13 - Next Episode Teaser
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео The Three JavaScript Hacking Legends канала LiveOverflow
Bugtraq 1997 - LoVerso: https://seclists.org/bugtraq/1997/Jun/88
LoVerso Website: https://web.archive.org/web/19970607122219/http://www.osf.org/~loverso/javascript/
LoVerso dir.html PoC: https://web.archive.org/web/19970607185809/http://www.osf.org/~loverso/javascript/dir.html
Tasty Bits from the Technology Front: https://web.archive.org/web/19970803213858/http://www.tbtf.com/archive/02-27-96.html
TBTF about Netscae 2.0b3: https://web.archive.org/web/19970803220511/http://www.tbtf.com/archive/12-02-95.html
Scott Weston on TBTF: https://web.archive.org/web/19970803220702/http://www.tbtf.com/resource/b2-privacy-bug.html
Bugtraq about Bug Bounty 1995: https://seclists.org/bugtraq/1995/Oct/12
Episode 01: https://www.youtube.com/watch?v=bSJm8-zJTzQ
Episode 03: https://www.youtube.com/watch?v=gVblb-QhZa4
Episode 02:
00:00 - Intro
00:45 - First JavaScript Vulnerability
02:00 - John Robert LoVerso
03:19 - First Directory Browse Vulnerability
04:16 - Comparison to My Exploit
05:13 - John Tennyson
05:44 - Tasty Bits from the Technology
06:16 - Netscape's Bug Bounty
06:48 - Scott Weston history stealing
08:12 - The Three Legends of JavaScript Security
08:59 - The Year 1996
09:31 - JavaScript can't claim to be secure
10:25 - ECMAScript: JavaScript Specification
11:13 - Next Episode Teaser
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео The Three JavaScript Hacking Legends канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
riscure embedded hardware CTF is over - loopback 0x03Live Hacking - Internetwache CTF 2016 - web50, web60, web80LiveOverflow Channel Trailerformat2 on a modern Ubuntu - bin 0x26Deepdive Containers - Kernel Sources and nsenterWhat is a Protocol? (Deepdive)Riscure Embedded Hardware CTF setup and introduction - rhme2 SolderingTCP Protocol introduction - bin 0x1AXSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020Finding 0day in Apache APISIX During CTF (CVE-2022-24112)File Path Race Condition & How To Prevent It - bin 0x31VPNs, Proxies and Secure Tunnels Explained (Deepdive)Exploit Fails? Debug Your Shellcode - bin 0x2BNew to Linux? Need Help Understanding Shell Commands?HACKERSPACES ARE AWESOME!Fuzzing Browsers for weird XSS VectorsUnderstanding C Pointer Magic Arithmetic | Ep. 07Solving Pwnable CTF Challenge With Docker WorkflowThe fakeobj() Primitive: Turning an Address Leak into a Memory CorruptionThe HTTP Protocol: GET /test.html - web 0x01What is a Browser Security Sandbox?! (Learn to Hack Firefox)