Reflected XSS into a JavaScript string with angle brackets HTML encoded (Video solution)

preview_player
Показать описание
This video shows the lab solution of "Reflected XSS into a JavaScript string with angle brackets HTML encoded" from Web Security Academy (Portswigger)

  1. Michael Sommer
  2. Web Security
  3. Hacking
  4. Portswigger
  5. Burp
  6. Cross-Site Scripting
Рекомендации по теме
Reflected XSS into 0:02:01

Reflected XSS into a JavaScript string with angle brackets HTML encoded (Video solution, Audio)

Reflected XSS into 0:05:07

Reflected XSS into Javascript String - Cross Site Scripting Demonstration

Reflected XSS into 0:06:00

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded

Reflected XSS into 0:01:27

Reflected XSS into a JavaScript string with angle brackets HTML encoded (Video solution)

PortSwigger Labs - 0:09:58

PortSwigger Labs - Reflected XSS into a JavaScript string with angle brackets HTML encoded

Reflected XSS into 0:10:29

Reflected XSS into a JavaScript String with Single Quote and Backslash Escaped

Reflected XSS into 0:03:10

Reflected XSS into a JavaScript string with single quote and ... escaped (Video solution, Audio)

Cross-Site Scripting Lab 0:06:39

Cross-Site Scripting Lab Breakdown: Reflected XSS into HTML context with nothing encoded

Reflected Cross-Site Scripting 0:06:30

Reflected Cross-Site Scripting (Reflected XSS) Explained

Reflected XSS into 0:00:19

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Reflected XSS into 0:02:37

Reflected XSS into a JavaScript string with angle brackets and double quotes (Video solution)

Reflected XSS into 0:02:00

Reflected XSS into a JavaScript string with single quote and backslash escaped (Video solution)

Reflected XSS in 0:00:34

Reflected XSS in a JavaScript URL with some characters blocked

Reflected XSS into 0:01:40

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Reflected XSS into 0:02:56

Reflected XSS into a JavaScript string with angle brackets ... (Video solution, Audio)

Reflected XSS into 0:01:12

Reflected XSS into attribute with angle brackets HTML encoded (Video solution)

Reflected XSS in 0:24:51

Reflected XSS in a JavaScript URL with some characters blocked - Explaining the Payload

Reflected XSS into 0:02:32

Reflected XSS into a JavaScript string with angle brackets HTML encoded

PortSwigger Labs - 0:02:55

PortSwigger Labs - Reflected XSS into a JavaScript string with single quote and backslash escaped

Reflected XSS into 0:04:54

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded

Reflected XSS into 0:05:49

Reflected XSS into HTML Attribute

Reflected XSS into 0:00:31

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Portswigger - XSS 0:07:31

Portswigger - XSS - Lab #1 Reflected XSS into HTML context with nothing encoded

Reflected XSS into 0:07:46

Reflected XSS into a JavaScript string with angle brackets HTML encoded - Lab#09

Комментарии
Автор

i have just found that you can put -, +, == or === between this injection '-alert(1)-'

examples: (test them in browser's console)
var a = ' ';
var a = ' ';

ZTechSecurity
Автор

This is more understandable injection
';alert(1)//

can you please explain this
'-alert(1)-'

ZTechSecurity
Автор

Why do we need such symbols though (-, +, ==, ===) and not just do 'alert(1)' ?

giannis
join shbcf.ru