XSSI - Google Gruyere // Cross Site Script Inclusion // walk-through
Disclaimer
This video is for educational purposes only. I did not harm anyone; I just do CTFs, make walkthroughs, and explain the methods used here. Please don't misuse this: hacking is a crime, and doing it can land you in jail.
I do not support any kind of illegal or malicious hacking.
--------------------------------------------
Cross Site Script Inclusion (XSSI)
Browsers prevent pages of one domain from reading pages in other domains. But they do not prevent pages of a domain from referencing resources in other domains. In particular, they allow images to be rendered from other domains and scripts to be executed from other domains. An included script doesn't have its own security context. It runs in the security context of the page that included it. For example, if www.evil.example.com includes a script hosted on www.google.com then that script runs in the evil context not in the google context. So any user data in that script will "leak."
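The following added example (not from the video or from Gruyere) shows, from the server side, why the response format decides whether data leaks when another origin includes it as a script: a JSONP-style script response hands the data to the including page, while JSON served with an unparseable prefix and `X-Content-Type-Options: nosniff` does not. The callback name `_render`, the field names, and the sample data are assumptions constructed for illustration.

```javascript
// Added example; _render, privateSnippet and the sample data are hypothetical.
const ANTI_XSSI_PREFIX = ")]}'\n";
const privateData = { user: "alice", privateSnippet: "constructed secret" };

// Weak: per-user data returned as an executable script (JSONP style).
function scriptResponse(data) {
  return {
    headers: { "content-type": "application/javascript" },
    body: `_render(${JSON.stringify(data)});`,
  };
}

// Hardened: data only, unparseable prefix, MIME sniffing disabled.
function jsonResponse(data) {
  return {
    headers: {
      "content-type": "application/json; charset=utf-8",
      "x-content-type-options": "nosniff",
    },
    body: ANTI_XSSI_PREFIX + JSON.stringify(data),
  };
}

// Same-origin client code strips the prefix before parsing.
function parseProtected(body) {
  if (!body.startsWith(ANTI_XSSI_PREFIX)) throw new Error("missing anti-XSSI prefix");
  return JSON.parse(body.slice(ANTI_XSSI_PREFIX.length));
}

// Regression check: model another origin loading the response with a
// <script> tag. Returns the values that page's own _render would receive.
function includeAsScript(response) {
  const type = response.headers["content-type"] || "";
  const nosniff = response.headers["x-content-type-options"] === "nosniff";
  // With nosniff, browsers refuse to execute a non-JavaScript MIME type.
  if (nosniff && !/javascript|ecmascript/.test(type)) return [];
  const seen = [];
  try {
    // The body runs with the includer's function bound to the callback name.
    new Function("_render", response.body)((value) => seen.push(value));
  } catch (err) {
    // SyntaxError: the body is not a runnable script, nothing is exposed.
  }
  return seen;
}

console.log("script response exposes:", includeAsScript(scriptResponse(privateData)).length);
console.log("JSON response exposes:", includeAsScript(jsonResponse(privateData)).length);
```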
XSSI Challenge
Find a way to read someone else's private snippet using XSSI.
That is, create a page on another web site and put something in that page that can read your private snippet. (You don't need to post it to a web site: you can just create a .html in your home directory and double click on it to open in a browser.)
------------------------------
#yesspider
please support me on patreon
https://www.patreon.com/yesspider
https://github.com/yesspider-hacker
https://twitter.com/yesspider1
--------------------------------------------------
Video "XSSI - Google Gruyere // Cross Site Script Inclusion // walk-through" from the Yesspider channel