I don't know what forced me to click the subscribe button just after watching the first minute of the video. I think some one injected the payload on my hands.
Consider myself noob I even failed to understand your explanation I am confused application is running on different server then how are you able to persist the JS ?
The application (on the left) is vulnerable to XSS. Another listening "server" (on the right), is receiving the JavaScript (on the bottom) payloads by GET requests. These payloads are being executed in the browser, from within the context of the affected user via the application (on the left) and sending requests to the "server" (on the right). The example XSS is reflected, so nothing is being persisted.
@@247CTF And one more doubt. These things are not persisted then how can we force a user to do all these things. Cause these powerful attacks won't work unless it is persisted on the main application server itself?
![Fighting Against Time: How to identify & abuse Race Conditions [Capture The Flag Fundamentals]](http://i.ytimg.com/vi/bhHvT788juk/mqdefault.jpg)
![Fighting Against Time: How to identify & abuse Race Conditions [Capture The Flag Fundamentals]](/img/tr.png)
![Magic Bytes & Security: When file categorisation goes wrong [Capture The Flag Fundamentals]](http://i.ytimg.com/vi/g-e7yE5weXA/mqdefault.jpg)
![Symmetric Block Ciphers For Hackers [Capture The Flag Fundamentals]](/img/n.gif)
🤖 Can anybody create an XSS payload to auto-subscribe to this channel? 🤖
I don't know what forced me to click the subscribe button just after watching the first minute of the video. I think some one injected the payload on my hands.
Reddit bought me here. Subscribed! Love the technical explanations!!
Great video!
Thanks for the visit
01:20 hijacking
✂️
Consider myself noob I even failed to understand your explanation
I am confused application is running on different server then how are you able to persist the JS ?
The application (on the left) is vulnerable to XSS. Another listening "server" (on the right), is receiving the JavaScript (on the bottom) payloads by GET requests. These payloads are being executed in the browser, from within the context of the affected user via the application (on the left) and sending requests to the "server" (on the right). The example XSS is reflected, so nothing is being persisted.
@@247CTF Thanks. I got it Now. Keep up the good work. One last request can we talk over discord or something I need some advice
@@247CTF And one more doubt. These things are not persisted then how can we force a user to do all these things. Cause these powerful attacks won't work unless it is persisted on the main application server itself?
Hello from recommendations!
Hello there!