The Three JavaScript Hacking Legends

In this video we talk about the first JavaScript vulnerabilities in 1997, and how the field was dominated by three "XSS" legends.

Episode 02:
00:00 - Intro
00:45 - First JavaScript Vulnerability
02:00 - John Robert LoVerso
03:19 - First Directory Browse Vulnerability
04:16 - Comparison to My Exploit
05:13 - John Tennyson
05:44 - Tasty Bits from the Technology
06:16 - Netscape's Bug Bounty
06:48 - Scott Weston history stealing
08:12 - The Three Legends of JavaScript Security
08:59 - The Year 1996
09:31 - JavaScript can't claim to be secure
10:25 - ECMAScript: JavaScript Specification
11:13 - Next Episode Teaser

Comments

Nowadays "it's not a bug, it's a feature used by ad/tracking companies"

minirop

That reminds me that back in time you could hack ATMs in Poland in similar fashion.

You had this overlay that had no way for you to interact but buttons native for the banking program, but one was off and looked different.
It was the 'help' button with some Polish docs on how to use the ATM (again, early days of them here).

When you clicked on it, it opened a dialog in which was text possible for selection and that allowed the user for double tap and show of context menu in which was print option.

In print window you needed to tell Windows (lol) that you have the magical drivers for the printer you're trying to access and you just have to look for them in... System32 or some other low level folder. When clicked it automatically assumed you're the admin (duh!) and well, that was it.

Wild times.

lukor-tech

I've been going through and rewatching the bin 0x series and the pwnie island series and it reminded me how literally NO OTHER CHANNELS have given me such a strong insight into technology and most importantly how to teach myself. Every time I'm in a rut and can't think of stuff to make I come back to this channel and it /always/ reignites that passion I have towards technology and automation; and I just have no words to convey how important this channel has been for me and many others, I hope you keep making content and I hope the content that's already on here will be here for many generations of tinkerers to come c:

Rennu_the_linux_guy

To be fair, they are more like web browser vulnerabilities than JavaScript vulnerabilities.

meigyokuthmn

4:45 the <form> tag has a target attribute with the name of the opened window. So I guess that's how the .submit() knows where to send the form to.

SaniSensei

The "read local directory", or even "read local file" and upload to remote server worked even in Internet Explorer 5.x era. Remember exploiting that to get visitors' Windows Commander FTP config file.

BTMPL

Love this series of browser and client side security!! Thank you for the wonderful insight and content! :D

huhard

Thank you for explaining this thoroughly!

yesrelmartinez

Yo this helped so much and I always appreciate the content and when I found the channel and got the energy from you from the previous video, you've been nothing but real and can vouch for the amazing content and how down to earth you are with everything! All the most love, respect, and appreciation <3

quenzo

Love the history lessons. :) Would love to hear more about all the specific browser features and browser wars. Mario Heiderich just mentioned some of it in lectures. But sadly, I forgot a lot.

kirdneh

Thanks, it actually let me through so I could download it.

danielsouza

Excellent, very practical, 100% recommended

tiimshu

Thank you so much you really help me :)

MuhammadAbdullah

I remember Navigator 2.02 being an unstable pile of whatsit, but it was much better with Javascript off and if you avoided frames, too. I did use it through most of my undergraduate days anyway - back when McGill had the course catalogue as a gopher site!

logiciananimal

These guys are cool, but most of all, Samy is my hero.

dandymcgee

If jscript hadn't existed (and I fully understand why it did) I would probably have embraced browser scripting earlier. Instead I learned how to do a lot of things with CSS.

sobertillnoon

I found the IP of the Minecraft: Live server, but I don't have a working MC account yet, I emailed you about it but you didn't respond. I just want to confirm the IP I have is correct.

mollthecoder

nice job managing eintracht frankfurt btw

quantumbracket

LiveOverflow so looks like John Hammond

waternewt

Well lockdown started with Blender but since my laptop can't handle it, I've relocated

cunisoun