Exploiting an RPO attack on Firefox | Filedescriptor solves Intigriti's XSS challenge
ฝัง
- เผยแพร่เมื่อ 11 ก.ย. 2024
- In this video Filedescriptor walks through how to solve Intigriti's May's XSS challenge with an RPO attack on Firefox.
Intigriti's XSS challenge: challenge.inti...
A few RPO exploitation techniques: www.mbsd.jp/Wh...
RPO Gadgets: blog.innerht.m...
Support us: www.buymeacoff...
Very well explained. Fantastic video, thank you :)
hey tomnomnom can you also video like this
I think he can, cuz I saw stok and him solving a XSS in hackerone
I guess Im asking the wrong place but does anybody know a trick to log back into an instagram account..?
I stupidly forgot the account password. I appreciate any help you can give me!
@Aarav Clark Instablaster ;)
@Dax Eric I really appreciate your reply. I found the site on google and im waiting for the hacking stuff now.
Seems to take a while so I will get back to you later when my account password hopefully is recovered.
Loved the video! Thanks. Expecting more great stuff.
00:17 CSS injection 00:26 Firefox only 00:48 source 00:54 sink, innerHTML 01:10 DOM XSS 01:22 widgets.js 03:06 open redirecter 05:07 relative path overwrite
Thanks. Hard a hard time doing this challenge. Much clearer now.
Damn that was good, thank you, hope you will do more of these
Same
Holy cow!! This is so cool.
OMG , this so good , thanks for sharing
Fantastic! Thanks for the video!
Great explanation
Very nice video!.
I am ONLY subscribing to this channel, because Stok recommend me to do so. I hope you not gonna fail it!
same
These people are more talented than stok
amazing...
tnx bro we need more video tnx
Great video. So all the websites which are using relative path is vulnerable ?
The //technique behaviour is specific to the challenge ?
Thanks
The // is a misconfiguration on the server that results in open redirects. Here an example real-world case: hackerone.com/reports/52035.
My favorite hacker ❤️
How can we redirect to a manually created webpage? do we have to use WAMP server for it? Eg. create an html page for redirection (evil.com) which will execute our XSS payload?
You can abuse the // open-redirect vulnerability on the Intigriti challenge website. You have to chain that open redirect to achieve XSS.
Hi, how can i access intigriti may month challenge??
Intigriti will make an archive for past challenges. Right now unfortunately you can't :(
Hi @filedescriptor, I've recently been scammed by online cryptocurrency exchange with a huge amount. The website seems to be from HK. Do you think you can help me? Singapore police force is not pursuing further investigation due to cryptocurrency being out of MAS jurisdiction. Please let me know, and would appreciate greatly any help you can provide. Thank you.