Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020
Автор: LiveOverflow
Загружено: 2020-10-08
Просмотров: 27954
Описание:
In the second part we are building on top of what we have learned. We figure out how to craft something special out of a very limited script gadget. Eventually we can use it to leak the secret notes ID and notes content.
Part 1: • Failed DOM Clobbering Research - All The L...
Challenge: https://capturetheflag.withgoogle.com...
Pasteurize: • XSS a Paste Service - Pasteurize (web) Goo...
00:00 - Recap Part 1
00:20 - Start of the Attack Chain
00:54 - Control the Theme Callback
02:29 - Prior JSONP Capability Research
04:40 - innerHTML Breakthrough
06:13 - Content Security Policy Fail
07:19 - iframe CSP Bypass
08:31 - The Solution
10:09 - Chaining Three Gadgets
11:34 - Researching Cool XSS Techniques
12:00 - Solving the Challenge
13:25 - Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: https://liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
Повторяем попытку...
Доступные форматы для скачивания:
Скачать видео
-
Информация по загрузке:
![Почему работает теория шести рукопожатий? [Veritasium]](https://imager.clipsaver.ru/ggI1xKzoANs/max.jpg)
