How To Search For DOM-Based XSS!
👩🎓👨🎓 Learn how to find DOM-based cross-site scripting vulnerabilities. We are looking at the browser's developer tools, the JavaScript debugger, and the concept of sources and sinks!
Overview:
00:00 Intro
00:29 Inspecting Sources
02:15 DOMXSS Wiki
02:44 Location.search
03:44 Inspect the DOMXSS source
05:25 Using the Debugger
06:16 Inspecting the DOMXSS sink
07:10 Exploiting the vulnerability
07:49 Summary
For more information, check out https://blog.intigriti.com/hackademy/cross-site-scripting-xss/dom-based-cross-site-scripting/.
🔗 DOM-XSS Wiki: https://github.com/wisec/domxsswiki/wiki
🔗 Portswigger XSS Challenge: https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink-inside-select-element
---
🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by https://twitter.com/PascalSec (@Hacksplained) & https://twitter.com/intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com/
Video "How To Search For DOM-Based XSS!" from the intigriti channel