How To Search For DOM-Based XSS!
👩🎓👨🎓 Learn how to find DOM-based cross-site scripting vulnerabilities. We are looking at the browser's developer tools, the Javascript debugger, and the concept of sources and sinks!
Overview:
00:00 Intro
00:29 Inspecting Sources
02:15 DOMXSS Wiki
02:44 Location.search
03:44 Inspect the DOMXSS source
05:25 Using the Debugger
06:16 Inspecting the DOMXSS sink
07:10 Exploiting the vulnerability
07:49 Summary
For more information, check out https://blog.intigriti.com/hackademy/cross-site-scripting-xss/dom-based-cross-site-scripting/.
🔗 DOM-XSS Wiki: https://github.com/wisec/domxsswiki/wiki
🔗 Portswigger XSS Challenge: https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink-inside-select-element
---
🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by https://twitter.com/PascalSec (@Hacksplained) & https://twitter.com/intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com/
Видео How To Search For DOM-Based XSS! канала intigriti
Overview:
00:00 Intro
00:29 Inspecting Sources
02:15 DOMXSS Wiki
02:44 Location.search
03:44 Inspect the DOMXSS source
05:25 Using the Debugger
06:16 Inspecting the DOMXSS sink
07:10 Exploiting the vulnerability
07:49 Summary
For more information, check out https://blog.intigriti.com/hackademy/cross-site-scripting-xss/dom-based-cross-site-scripting/.
🔗 DOM-XSS Wiki: https://github.com/wisec/domxsswiki/wiki
🔗 Portswigger XSS Challenge: https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink-inside-select-element
---
🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by https://twitter.com/PascalSec (@Hacksplained) & https://twitter.com/intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com/
Видео How To Search For DOM-Based XSS! канала intigriti
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Intigriti HackerViews 🎙️ - Meet your Bug Bounty Heroes - bandjes
Bypassing Rate Limits via Race Conditions
Intel's 1337UP Knights of Elektron Live Hacking Event Aftermovie
Researcher API![Leveraging Server Side XSS (PDF) for Auth Bypass - "My Music" [INTIGRITI 1337UP LIVE CTF 2023]](https://i.ytimg.com/vi/JetPydd3ud4/default.jpg)
Leveraging Server Side XSS (PDF) for Auth Bypass - "My Music" [INTIGRITI 1337UP LIVE CTF 2023]![Making a ChatGPT Discord Bot Leak it's Prompt - "Triage Bot" [INTIGRITI 1337UP LIVE CTF 2023]](https://i.ytimg.com/vi/5wcJjNgncOQ/default.jpg)
Making a ChatGPT Discord Bot Leak it's Prompt - "Triage Bot" [INTIGRITI 1337UP LIVE CTF 2023]
Intigriti’s Hybrid Pentest: Penetration Testing as a Service reimagined
JWT Authentication Bypass via Algorithm Confusion
JWT Authentication Bypass via jku Header Injection
JWT Authentication Bypass via jwk Header Injection
Prototype Pollution, reCAPTCHA and XSS - Solution to June '23 Challenge![Weak Authentication [InsecureBankv2 APK]](https://i.ytimg.com/vi/B8crggD7Z6I/default.jpg)
Weak Authentication [InsecureBankv2 APK]![Cracking a JWT with MD5_HMAC Algorithm - Marmalade 5 [NahamCon CTF 2023]](https://i.ytimg.com/vi/3LRZsnSyDrQ/default.jpg)
Cracking a JWT with MD5_HMAC Algorithm - Marmalade 5 [NahamCon CTF 2023]
JWT Authentication Bypass via Weak Signing Key
JWT Authentication Bypass via Flawed Signature Verification
Android Root Detection Bypass (Frida Hooking and APK Patching)
JWT Authentication Bypass via Unverified Signature
Introduction to JWT Attacks
XSS via ES6 Reflect API - Solution to May '23 Challenge
2 ways to root an AVD (android studio); Magisk (rootAVD) and SuperSU
Web Shell Upload via Obfuscated File Extension