Reflected XSS Protected by Very Strict CSP with Dangling Markup Attack
Автор: z3nsh3ll
Загружено: 9 окт. 2023 г.
Просмотров: 5 843 просмотра
We look at the Portswigger lab with the title "Reflected XSS Protected by Very Strict CSP with Dangling Markup Attack".
This lab ties together a number of important concepts including -
Cross site scripting
Dangling markup attack
Cross site request forgery
Content Security Policy
Session ID vs CSRF Token
Support This Channel
======================
Please like and subscribe, it means a lot!
Please buy me a coffee so I can continue to make content.
https://buymeacoffee.com/zenshell
Join our Discord
/ discord
00:00 Introduction
00:58 Lab Guidelines
01:47 Exploring the Lab
03:29 Injecting into Email Parameter
05:14 Content Security Policy
07:12 Bypassing CSP
09:06 Dangling Markup Attack
13:06 Lab Walkthrough Guidelines
13:53 What is the Exploit Server?
14:43 Exploit Server Code
19:09 Bypassing Burp Collaborator
20:59 Testing the Exploit
24:27 Stealing the Victim's CSRF Token
27:05 CSRF Attack Stage
30:09 Bypass PoC Generator
31:40 Html Snippet
34:25 Solving the Lab
34:58 Session ID vs CSRF Token
36:07 Summary and Increasing Exploit Efficiency
Доступные форматы для скачивания:
Скачать видео mp4
-
Информация по загрузке:
