It’s great to see members of the info sec community work together to solve these complex problems. I’m excited to see more videos like this and can’t wait to see more on your new series on your binary exploitation journey!
When you described how the XSS Auditor worked, I couldn't for the life of me figure out how someone thought that was a good idea. It seems so obviously exploitable.
This really reminds me how web is a congo line of crazy features (XSS auditor) followed by lunatic legacy behaviours (clobbering) melting each other down lol
Knowing dom clobbering, xss auditor tricks, cross domain vectors, etc I could have solved this relatively quickly but I’ve also been in this field for a loong time. Since before there even were classes at uni teaching computer security. This was a insane challenge for anyone that didn’t encounter these techniques before.
I'm really enjoying your content! But your audio is kind of confusing on headsets. Your voiceover volume is shifting Left and Right continuously. I highly recommend using mono audio for your voiceovers.
Excellent content. To get subscribers over million, you should try to make video every 1 month, at least. BTW please let me know what theme do you use in vscode? It looks crazy!
If someone else accesses a public page with an XSS on it, they will also trigger the XSS. You can then access the cookies through some method, and then send those off to a website you control that logs the cookies somewhere. I haven't watched the full video, so this probably won't be the exact method used, but this is the general principle of how you do that.
My brain: watching dis nonsense. My other brain thinking: *thinking of if i take interest in codes by watching all if dis guy video codes i can become agenius familliar with codes in years later before going bankrupt and going genius*
as a British man, hearing somone say "heres a nonce" in an excited voice is funny to me. Other than that, the video was great
It’s great to see members of the info sec community work together to solve these complex problems. I’m excited to see more videos like this and can’t wait to see more on your new series on your binary exploitation journey!
It just proves that security is **HARD**
When you described how the XSS Auditor worked, I couldn't for the life of me figure out how someone thought that was a good idea. It seems so obviously exploitable.
This really reminds me how web is a congo line of crazy features (XSS auditor) followed by lunatic legacy behaviours (clobbering) melting each other down lol
Sounds like my code
I like the idea of the required concepts section 👌
why does this channel have so little subscribers? This content deserves much more appreciation and recognition
I love how your videos are so chill and nice to watch
This content is amazing man! Keep it coming
Knowing dom clobbering, xss auditor tricks, cross domain vectors, etc I could have solved this relatively quickly but I’ve also been in this field for a loong time. Since before there even were classes at uni teaching computer security. This was a insane challenge for anyone that didn’t encounter these techniques before.
Very well made. Great job!
Please upload more often! Love your videos!
Great video! So well explained!
Very good video keep up the good work 👌😊
1:20 - I am totally that one guy that just stumbled upon your videos randomly 😅
I am curious more about how you made this awesome style of this tutor
Greate explanation and video demo. You may want to update the video description to highlight these various attack techniques.
Very good, easy to understanding
Awesome stuff as always! :D
hey bro hope you are doing right, can you do more tutorials on the other vulnerabilities and explain them like you use to do ? pls
Underrated video!
hey @PwnFunction, what paint/drawing software do you use, and what editing software?
just amazing!
Fantastic video
Lmao first I thought you were liveoverflow cause of the Video Styling and Voice🤣
Good Job! man.
Which program you use to make a drawing during the video?
Hi, random person who just stumbled upon your video here so I have no clue what's going on but it sure is interesting to me lol
I love this penguin guy
very deep stuff. nice hoping for more videos like this
I'm that one person who doesn't know who live overflow is who stumbled apon one of your videos
You are a rare one.
Great videos! Do you planning to make more?
Yes, I'll get back in a week.
Nice thinking ;)
I'm really enjoying your content!
But your audio is kind of confusing on headsets.
Your voiceover volume is shifting Left and Right continuously.
I highly recommend using mono audio for your voiceovers.
98.9K? 100K SOON!!!!
It sounds like you are planning a heist or something
17:21 recapcha and recapcha
muito bom
Good luck with HTTP Only Cookies!
Why did your voice change at 2:54
whats the name of the editor liveoverflow using ?
Visual Studio Code
Excellent content. To get subscribers over million, you should try to make video every 1 month, at least.
BTW please let me know what theme do you use in vscode? It looks crazy!
#request
SSRF (bypass filters and firewall)
Can you please turn your handwriting into a font?
✅Added to my TodoList.
@@PwnFunction Is it done?
This looks like another example where a strong typed language would solve all problems.
Dynamic typed language (eg JS) = bad?
Hm I don't quite get it, first the url removes the CONFIG variable, and then the stepone() is called, what called it?
You mean the `stageOne()`?
It's called right after the is loaded, you can see the last line of code @ 20:11 , `onload=stageOne(this)`
@@PwnFunction Ah I didn't notice the onload in the , now it makes sense thanks
this accent is like a german dude
I love ya shit
8:53 in robloc
4:26 bruh, use the "fold all" command
Your accents makes me want to throttle a small puppy until it begins squeaking
NOOOO ME COOKIES!!!!!1!1
Who else saw the stream?
: wow
Still not entirely sure how this lets you get *someone else's* cookie...?
If someone else accesses a public page with an XSS on it, they will also trigger the XSS. You can then access the cookies through some method, and then send those off to a website you control that logs the cookies somewhere. I haven't watched the full video, so this probably won't be the exact method used, but this is the general principle of how you do that.
i am that one person hello
This video made me hate the letter "P".
And B...
F xss auditor
My brain: watching dis nonsense.
My other brain thinking: *thinking of if i take interest in codes by watching all if dis guy video codes i can become agenius familliar with codes in years later before going bankrupt and going genius*