Reflected XSS in a JavaScript URL with some characters blocked
In this video we explain how the XSS vulnerability is exploited in website penetration testing and how you can exploit this vulnerability to carry out a successful attack. We work through it in practice by solving the PortSwigger labs.

In this video we will cover an introduction to Cross-Site Scripting (XSS) to give you an overall idea of what XSS is, how to identify XSS vulnerability entry points, and some XSS exploitation techniques to help build a hacking methodology. We will solve PortSwigger labs to strengthen your

⭐️ Contents ⭐️
1- Reflected XSS into HTML context with nothing encoded
2- Stored XSS into HTML context with nothing encoded
3- DOM XSS in document.write sink using source location.search
4- DOM XSS in document.write sink using source location.search inside a select element
5- DOM XSS in innerHTML sink using source location.search
6- DOM XSS in jQuery anchor href attribute sink using location.search
7- DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
8- Reflected DOM XSS
9- Stored DOM XSS
10- Exploiting cross-site scripting to steal cookies
11- Exploiting cross-site scripting to capture passwords
12- Exploiting XSS to perform CSRF
13- Reflected XSS into HTML context with most tags and attributes blocked
14- Reflected XSS into HTML context with all tags blocked except custom ones
15- Reflected XSS with event handlers and href attributes blocked
16- Reflected XSS with some SVG markup allowed
17- Reflected XSS into attribute with angle brackets HTML-encoded
18- Stored XSS into anchor href attribute with double quotes HTML encoded
19- Reflected XSS in canonical link tag
20- Reflected XSS into a JavaScript string with single quote and backslash escaped
21- Reflected XSS into a JavaScript string with angle brackets HTML encoded
22- Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped
23- Reflected XSS in a JavaScript URL with some characters blocked
24- Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped
25- Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped
26- Reflected XSS with AngularJS sandbox escape without strings
27- Reflected XSS with AngularJS sandbox escape and CSP
28- Reflected XSS protected by CSP, with dangling markup attack
29- Reflected XSS protected by very strict CSP, with dangling markup attack
30- Reflected XSS protected by CSP, with CSP bypass

Links
Web Security Academy: https://portswigger.net/web-security
XSS Cheat Sheet: https://portswigger.net/web-security/...

⭐️ Tags ⭐️
-Cross Site Scripting
-XSS
-Web Penetration Testing
-Website vulnerabilities
-XSS vulnerability explained