DOM XSS in jQuery Selector Sink using a Hashchange Event

Published: 23 January 2023
on channel: Intigriti

👩‍🎓👨‍🎓 Learn about Cross Site Scripting (XSS) vulnerabilities. In this video, we are going to exploit a DOM-based XSS vulnerability in a jQuery selector sink, using a hashchange event.

Overview:
0:00 Intro
2:20 Background: What is the DOM?
2:50 Background: What is DOM XSS?
4:06 Background: Testing HTML Sinks
5:35 Background: Testing JavaScript Execution Sinks
7:03 Background: Location.Hash
8:14 Background: DOM XSS in jQuery: Hashchange Event
10:51 Lab Description
11:30 Review Web App Functionality
13:20 Identify Source and Sink
16:38 Ask ChatGPT
18:53 Self-XSS
19:38 Craft Payload
21:00 Deliver Exploit to Victim
22:11 Conclusion

For more information, check out https://blog.intigriti.com/hackademy/...

🔗 @PortSwiggerTV DOM XSS Challenge: https://portswigger.net/web-security/...

🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com