44,763 views
👩‍🎓👨‍🎓 Learn how to find DOM-based cross-site scripting vulnerabilities. We look at the browser's developer tools, the JavaScript debugger, and the concept of sources and sinks!
Overview:
00:00 Intro
00:29 Inspecting Sources
02:15 DOMXSS Wiki
02:44 Location.search
03:44 Inspect the DOMXSS source
05:25 Using the Debugger
06:16 Inspecting the DOMXSS sink
07:10 Exploiting the vulnerability
07:49 Summary
For more information, check out blog.intigriti.com/hackademy/cross-site-scripting-xss/dom-based-cross-site-scripting/.
🔗 DOM-XSS Wiki: github.com/wisec/domxsswiki/wiki
🔗 Portswigger XSS Challenge: portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink-inside-select-element
---
🎙️ This show is hosted by PascalSec (@Hacksplained) & intigriti