Web Hacking - Server-Side Prototype Pollution

2,699 views

giuseppesec

A day ago

Comments: 9
@galopeian 2 years ago
This is the best explainer video I've found on this subject.
@nigamelastic 2 years ago
just wanna say that the videos are super cool, keep up the good work
@soulgh0st306 2 years ago
hi, how u get the avatar with the pink hair? keep it doing it great, happy coding
@poc0027 1 year ago
thank you man this is really helpful and fun 😁
@ca7986 2 years ago
Amazing ❤
@bluezombie7506 2 years ago
Makes sense, but if we bug bounty. Should we click enter when writing the payload? Or how do we go about testing this on a website without giving every account Admin access
@azrabanu3429 2 years ago
nice video can you please make a video on exploiting prototype pollution in AngularJs
@giuseppesec 2 years ago
it would be the same concept. it doesn't matter the type of javascript, what matters is vulnerable merge and extend functions. which is why in this video the vulnerable module was node.extend. don't worry about the javascript type. worry about merge and extend functions. for example, look up CVE-2019-10768. it's an angularJs prototype pollution, and it looks the exact same as the payload in this video, and it arose from a vulnerable merge function
@Free.Education786 2 years ago
Please make beginner to advance level practical live website hacking, live website bug hunting, live website penetration testing, live website exploitation content video series... 🙏 😊 💯✌❤💚💙💜😍😘🤝