Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded

preview_player
Показать описание
In this lab we run a cross site scripting attack by bypassing the escaping of injected single quotes taking place on the server. This lab is provided by Portswigger with the title - Reflected XSS into a JavaScriipt string with angle brackets and doubles quotes HTML-encoded.

Support This Channel
======================

Please like and subscribe, it means a lot!

Please buy me a coffee so I can continue to make content.

Join our Discord

00:00 Introduction
00:38 Exploring the lab
01:20 Attempting javascript string breakout
02:52 Escaping escaping
04:01 Solving the lab
05:31 Summary
  1. z3nsh3ll
  2. reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded
  3. reflected XSS
  4. XSS
  5. HTML encoding
  6. angle brackets
Рекомендации по теме
Reflected XSS into 0:02:01

Reflected XSS into a JavaScript string with angle brackets HTML encoded (Video solution, Audio)

Reflected XSS into 0:06:00

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded

Reflected XSS into 0:05:07

Reflected XSS into Javascript String - Cross Site Scripting Demonstration

Reflected XSS into 0:01:27

Reflected XSS into a JavaScript string with angle brackets HTML encoded (Video solution)

PortSwigger Labs - 0:09:58

PortSwigger Labs - Reflected XSS into a JavaScript string with angle brackets HTML encoded

Reflected XSS into 0:10:29

Reflected XSS into a JavaScript String with Single Quote and Backslash Escaped

Reflected XSS into 0:03:10

Reflected XSS into a JavaScript string with single quote and ... escaped (Video solution, Audio)

Cross-Site Scripting Lab 0:06:39

Cross-Site Scripting Lab Breakdown: Reflected XSS into HTML context with nothing encoded

Reflected Cross-Site Scripting 0:06:30

Reflected Cross-Site Scripting (Reflected XSS) Explained

Reflected XSS into 0:00:19

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Reflected XSS into 0:02:37

Reflected XSS into a JavaScript string with angle brackets and double quotes (Video solution)

Reflected XSS into 0:02:00

Reflected XSS into a JavaScript string with single quote and backslash escaped (Video solution)

Reflected XSS in 0:00:34

Reflected XSS in a JavaScript URL with some characters blocked

Reflected XSS into 0:01:40

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Reflected XSS into 0:02:56

Reflected XSS into a JavaScript string with angle brackets ... (Video solution, Audio)

Reflected XSS into 0:00:31

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Reflected XSS into 0:01:24

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Reflected XSS into 0:01:12

Reflected XSS into attribute with angle brackets HTML encoded (Video solution)

Reflected XSS in 0:24:51

Reflected XSS in a JavaScript URL with some characters blocked - Explaining the Payload

Reflected XSS into 0:02:32

Reflected XSS into a JavaScript string with angle brackets HTML encoded

PortSwigger Labs - 0:02:55

PortSwigger Labs - Reflected XSS into a JavaScript string with single quote and backslash escaped

Reflected XSS into 0:04:54

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded

Reflected XSS into 0:05:49

Reflected XSS into HTML Attribute

Portswigger - XSS 0:07:31

Portswigger - XSS - Lab #1 Reflected XSS into HTML context with nothing encoded

Комментарии
Автор

bro why this payload didn't work \'-alert()-\' ?

Amit-fnbw
Автор

i dont understand that whaat was the use of this ??

raoashar
join shbcf.ru