10 - XSS (DOM) (low/med/high) - Damn Vulnerable Web Application (DVWA)

24,397 views

CryptoCat

A day ago

10 - DOM-based Cross Site Scripting (XSS - DOM) (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. DVWA is an intentionally vulnerable application for you to learn about ethical hacking. I made this series for students on the MSc in cybersecurity course at Queen's University Belfast, but hopefully it can help others too! Hope you enjoy 🙂
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢Damn Vulnerable Web Application (DVWA)↣
github.com/digininja/DVWA
↢DOM-based XSS↣
owasp.org/www-community/Types...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
↢Chapters↣
Start - 0:00
Low - 5:52
Low (actually steal cookie) - 9:27
Med - 12:31
High - 17:28
Impossible - 22:34

Comments: 24
@xrt5189 (3 years ago)
Nice walkthrough and explanations. Thank you for your work.
@level1agario (2 years ago)
1:30 That moment when the FBI enters your house for attempting to do an XSS 😂 Thanks for your videos, man. They are really helping me in my last year of university for the cyberattacks subject. I'm in the last year of the computer engineering degree at university. Greets from Spain.
@_CryptoCat (2 years ago)
Haha, thanks mate! Glad they could help 🥰
@architshrotriya9331 (2 years ago)
In the medium part, the URL passed should be 127.0.0.1/dvwa/vulnerabilities/xss_d/?default=English. In the video there are no double quotation marks when passing the value to the onerror attribute, so please correct it, whoever is stuck there.
@_CryptoCat (2 years ago)
Nice! Thank you for the correction 🥰
@spaceexplorer865 (2 years ago)
Awesome and good explanation, bro.
@mahirlabib808 (1 year ago)
Thanks for all these videos, brother.
@_CryptoCat (1 year ago)
My pleasure 🥰
@bryansuazo6567 (3 years ago)
Great video!! Underrated, man.
@arnavpandey1722 (3 years ago)
Awesome!
@tamalchowdhury (1 year ago)
Hey! I'm following your walkthroughs and learning how to hack. In your first try, when you couldn't get the alert to show up, it was because of double quotes: ". After the first quote, you have to use single quotes inside alert(' '), otherwise it will close early. We can also use backticks and ES6 fetch for sending the data back to our server without redirecting the user.
@user-fu6nj8lv5b (7 months ago)
Why don't you attack the impossible level of XSS-DOM?
@luciacarrera3523 (3 years ago)
Why does works but not??
@_CryptoCat (3 years ago)
Hey, good question, which I should really have explained better in the video 😮 I just tested this again now: if you don't break out of the statement, then the payload is inside the "value" of an tag and the characters become URL encoded, so they don't execute when reflected on the page. When you get a chance you can try both ways again and use the F12 (devtools) inspector and Ctrl+F to find your alert(0) and see the difference between the two payloads. I wish I had done this in the video, apologies 😳
@luciacarrera3523 (3 years ago)
@_CryptoCat Thank you for answering!! Your videos are a life saver! I think most of my class is watching this playlist for our final project hahaha
@_CryptoCat (3 years ago)
@luciacarrera3523 Haha, awesome! Glad I could help 😊
@nds6767 (1 year ago)
At 15:02 you had a slight change which indicates it was successful.
@daliabarrancoz9398 (10 months ago)
document.cookie just gives me security=low, not the PHPSESSID. Why?
@_CryptoCat (10 months ago)
Hmmmm, if you check your cookies with F12, does the PHPSESSID show?
@sebastianmorales5 (9 months ago)
@_CryptoCat For me too; PHPSESSID shows in the cookies in the browser.
@daliabarrancoz9398 (9 months ago)
@_CryptoCat It solves the problem.
@IntroMakerNET (6 months ago)
@daliabarrancoz9398 How did you fix this? I'm experiencing the same issue.