Portswigger - XSS - Lab #3 DOM XSS in document write sink using source location search

  • Published on 24 Dec 2024

Comments • 5

  • @popo_hack
    @popo_hack 4 months ago +2

    Hello my new friends, don't forget to follow me on my channel to keep you up to date about everything you need to know to exploit vulnerabilities bit.ly/3TplFRN

  • @AhmedQaramany
    @AhmedQaramany 4 months ago +2

    You don't even mention the `document write` sink, which is what the lab was created for!

    • @popo_hack
      @popo_hack 4 months ago +1

      Hello my friend 😊
      First, thank you for your feedback. You're absolutely right, I didn't mention the document.write() method, in case we're testing in black box so we don't have the full vision about the source code. But yeah, it's still my mistake that I didn't explain document.write() and how it can be a bad method to use and vulnerable to XSS. 😊
      Again, thank you for your fruitful feedback, that helps me to improve myself for the next videos 😇

    • @AhmedQaramany
      @AhmedQaramany 4 months ago

      @popo_hack
      You have a misunderstanding. Just open the source code and search for `document.write`, you will find it, and this lab should be solved via the DOM Invader tool or any tool that lets you see where the canary\payload is reflected in the DOM.
      Just learn what the lab was designed for first, then create a video for it.
      Keep going bro, I watched some of your race condition and they were amazing

    • @popo_hack
      @popo_hack 3 months ago

      Thank you, my friend 🙏 I truly appreciate this kind of feedback, as it helps improve my knowledge and level. I look forward to hearing more from you in my other videos.