
Beyond Alert(1): Demonstrating the impact of an XSS [Capture The Flag Fundamentals]

  Views: 5,752

247CTF

Days ago

Comments: 13
@247CTF 4 years ago
🤖 Can anybody create an XSS payload to auto-subscribe to this channel? 🤖
@imherovirat 3 years ago
I don't know what forced me to click the subscribe button just after watching the first minute of the video. I think someone injected the payload on my hands.
@rusirumunasingha2234 4 years ago
Reddit brought me here. Subscribed! Love the technical explanations!!
@PinkDraconian 3 years ago
Great video!
@247CTF 3 years ago
Thanks for the visit
@domaincontroller 3 years ago
01:20 hijacking
@247CTF 3 years ago
✂️
@strongleongch 2 years ago
Hello from recommendations!
@247CTF 2 years ago
Hello there!
@hnsoni4 4 years ago
Consider myself a noob, I even failed to understand your explanation. I am confused: the application is running on a different server, then how are you able to persist the JS?
@247CTF 4 years ago
The application (on the left) is vulnerable to XSS. Another listening "server" (on the right) is receiving the JavaScript (on the bottom) payloads by GET requests. These payloads are being executed in the browser, from within the context of the affected user via the application (on the left) and sending requests to the "server" (on the right). The example XSS is reflected, so nothing is being persisted.
@hnsoni4 4 years ago
@247CTF Thanks. I got it now. Keep up the good work. One last request: can we talk over Discord or something? I need some advice.
@hnsoni4 4 years ago
@247CTF And one more doubt. These things are not persisted, then how can we force a user to do all these things? 'Cause these powerful attacks won't work unless it is persisted on the main application server itself?