XSS on Google Search - Sanitizing HTML in The Client?
An actual XSS on google.com by Masato Kinugawa. It abuses a parsing differential between a JavaScript enabled and disabled context.
The fix: https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Видео XSS on Google Search - Sanitizing HTML in The Client? канала LiveOverflow
The fix: https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Видео XSS on Google Search - Sanitizing HTML in The Client? канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
GoogleCTF - Cross-Site Scripting "Pasteurize"Hacking into Google's Network for $133,337MMORPG Bot Reverse Engineering and TrackingGoing to Chinese Hacking Competition - Real World CTF FinalsCross-Site Scripting Explained with Examples and How to Prevent XSS with Content Security PolicyCracking Websites with Cross Site Scripting - ComputerphileRunning a XSS Attack + How to defendWeb App Penetration Testing - #10 - XSS(Reflected, Stored & DOM)Student Finds Hidden Devices in the College Library - Are they nefarious?How did Masato find the Google Search XSS?What is PHP and why is XSS so common there? - web 0x02can you hack this screenshot service?? - CSCG 2021What is a Browser Security Sandbox?! (Learn to Hack Firefox)Analysing a Firefox Malware browserassist.dll - FLARE-On 2018Cross-Site Scripting (XSS) ExplainedDon't trust timeScript Gadgets! Google Docs XSS Vulnerability WalkthroughWhat do Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657 walk-throughHOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128