Категории

XSS via ES6 Reflect API - Solution to May '23 Challenge

Опубликовано: 30 Май 2023
на канале: Intigriti
1,618
77

🏆 The official writeup for the May '23 Challenge, featuring XSS and WAF bypass, using the Reflect API from ECMAScript 6 😎

Follow Renwa:   / renwax23  
Solve the challenge: https://challenge-0523.intigriti.io

🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register

🐱💻 Can't get enough of these challenges? - https://blog.intigriti.com/hackademy/...

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by   / _cryptocat   ( ‪@_CryptoCat‬ ) &   / intigriti  

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

00:00 Intro
01:00 Explore site functionality
01:24 Review input restrictions (WAF)
02:54 ECMAScript6 Reflect API
04:31 Develop payload
06:44 Pop an alert(document.domain)
07:20 Arbitrary XSS
09:20 Conclusion

play_arrow
8,352
63

Put A Finger Down | Drama Queen Edition

Put A Finger Down | Drama Queen Edition
play_arrow
3,171
36

Miss Universe 2018 Favorites - PageantLive with Natalie & Joyce

Miss Universe 2018 Favorites - PageantLive with Natalie & Joyce
play_arrow
54,700
479

Fastcuts Episode 05: Toda Max | Jeepney TV

Fastcuts Episode 05: Toda Max | Jeepney TV
play_arrow
3,203
279

FIVE NIGHTS AT FREDDYS x DEAD BY DAYLIGHT REACTION

FIVE NIGHTS AT FREDDYS x DEAD BY DAYLIGHT REACTION
play_arrow
9,773,892
281 тыс

Anime cosplay|Couples💨|

Anime cosplay|Couples💨|

play_arrow
159
7

MI ଛାଡ଼ିବେ କି Rohit Sharma ? 😲 ଆଗାମୀ IPL ରେ କିଛି ବଡ଼ ହେବାକୁ ଯାଉଛି କି? TRB

MI ଛାଡ଼ିବେ କି Rohit Sharma ? 😲 ଆଗାମୀ IPL ରେ କିଛି ବଡ଼ ହେବାକୁ ଯାଉଛି କି? TRB
play_arrow
3,650
66

Cоревнования по Flat Feeder. Водоем Кричевичи, 7й этап. №2

Cоревнования по Flat Feeder. Водоем Кричевичи, 7й этап. №2
play_arrow
842
17

Free Prostate Cancer Screenings in Philly

Free Prostate Cancer Screenings in Philly
Похожие видео
play_arrow
Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]

Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]
play_arrow
XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)

XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)
play_arrow
Intigriti Kick off 2024

Intigriti Kick off 2024
play_arrow
Exploiting Insecure Output Handling in LLMs

Exploiting Insecure Output Handling in LLMs
play_arrow
Indirect Prompt Injection

Indirect Prompt Injection
play_arrow
Exploiting Vulnerabilities in LLM APIs

Exploiting Vulnerabilities in LLM APIs
play_arrow
Exploiting LLM APIs with Excessive Agency

Exploiting LLM APIs with Excessive Agency
play_arrow
Intigriti Customer Story: Personio

Intigriti Customer Story: Personio
play_arrow
Performing CSRF Exploits Over GraphQL

Performing CSRF Exploits Over GraphQL
play_arrow
Misconfig Mapper - Hacker Tools

Misconfig Mapper - Hacker Tools
play_arrow
Bypassing GraphQL Brute Force Protections

Bypassing GraphQL Brute Force Protections
play_arrow
Finding a Hidden GraphQL Endpoint

Finding a Hidden GraphQL Endpoint
play_arrow
Accidental Exposure of Private GraphQL Fields

Accidental Exposure of Private GraphQL Fields
play_arrow
Accessing Private GraphQL Posts

Accessing Private GraphQL Posts
play_arrow
Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge

Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge
play_arrow
Introduction to GraphQL Attacks

Introduction to GraphQL Attacks
play_arrow
Aggressive Scanning in Bug Bounty (and how to avoid it)

Aggressive Scanning in Bug Bounty (and how to avoid it)
play_arrow
Exploiting Server-side Parameter Pollution in a REST URL

Exploiting Server-side Parameter Pollution in a REST URL
play_arrow
Common Scoping Mistakes

Common Scoping Mistakes
play_arrow
Exploiting Server-side Parameter Pollution in a Query String

Exploiting Server-side Parameter Pollution in a Query String
play_arrow
Understanding Scope, Ethics and Code of Conduct (CoC)

Understanding Scope, Ethics and Code of Conduct (CoC)
play_arrow
Exploiting a Mass Assignment Vulnerability

Exploiting a Mass Assignment Vulnerability
play_arrow
Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge

Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge
play_arrow
Finding and Exploiting an Unused API Endpoint

Finding and Exploiting an Unused API Endpoint