Prototype Pollution, reCAPTCHA and XSS - Solution to June '23 Challenge

preview_player
Показать описание
🏆 The official writeup for the June '23 Challenge. There's at least 3 possible solutions, all featuring prototype pollution (jquery 2.2.4 - deparam) and XSS 😎

The differences will be outlined in the video, but a quick summary:
1) Intended: Pollute Sanitizer() config to allow unknown markup and the Google reCAPTCHA related attributes.
2) Unintended #1: Use reCAPTCHA (srcdoc, like intended) as a gadget without changing Sanitizer config (pollute sitekey).
3) Unintended #2: Use jquery script gadgets ($(x).off - delegateTarget), bypassing reCAPTCHA and the domain check.

00:00 Intro
01:55 Enable Sanitizer API in Firefox
02:41 Explore site functionality
03:38 Source code review
08:32 Setup challenge (local environment)
10:06 jquery 2.2.4 deparam prototype pollution
12:45 reCAPTCHA as a gadget
15:01 Pollute Sanitizer() config
18:37 Bypassing the domain check (remote)
20:51 Summary of intended solution
22:04 Bonus: Unintended #1 - reCAPTCHA sitekey pollution
23:17 Bonus: Unintended #2 - jquery script gadgets
25:02 Recap
26:24 Conclusion
  1. Intigriti
  2. prototype pollution
  3. recaptcha
  4. g-recaptcha
  5. XSS
  6. cross site scripting
Рекомендации по теме
Prototype Pollution, reCAPTCHA 0:27:03

Prototype Pollution, reCAPTCHA and XSS - Solution to June '23 Challenge

Prototype pollution in 0:13:53

Prototype pollution in Google Analytics?! Solution to August '21 XSS Challenge

Prototype Pollution: DOM 0:09:07

Prototype Pollution: DOM XSS via client-side prototype pollution

Prototype pollution is 0:13:48

Prototype pollution is everywhere! Solution to May '22 XSS Challenge

DOM XSS via 0:01:15

DOM XSS via an alternative prototype pollution vector

What is Prototype 0:00:59

What is Prototype Pollution?

DOM Invader: Prototype 0:21:01

DOM Invader: Prototype Pollution

Web Security Academy 0:56:13

Web Security Academy | Prototype Pollution | 1 - DOM XSS Via Client-Side Prototype Pollution

What are Prototype 0:00:42

What are Prototype pollution vulnerabilities | OWASP Top 10 | Bug Bounty Service LLC

Testing for prototype 0:03:52

Testing for prototype pollution with DOM Invader

Client-side prototype pollution 0:01:47

Client-side prototype pollution in third-party libraries

Михаил Ефанов — 0:15:49

Михаил Ефанов — XSS на GitLab через prototype pollution

SnykCon CTF - 0:12:57

SnykCon CTF - 'Invisible Ink' Prototype Pollution

Prototype Pollution labs 0:00:13

Prototype Pollution labs on portswigger #burp #bounty #ctf #short

Understanding JavaScript Prototypes 0:15:01

Understanding JavaScript Prototypes & Prototype Pollution Attacks

How to solve 0:10:31

How to solve Prototype Pollution CTF challenges?

Exfiltrating sensitive data 0:03:40

Exfiltrating sensitive data via server-side prototype pollution

Web Security Academy 0:29:22

Web Security Academy | Prototype Pollution | 4 - Client-Side Prototype Pollution Third-Party Library

Bypassing flawed input 0:01:01

Bypassing flawed input filters for server side prototype pollution

BUG BOUNTY: UNDERSTANDING 0:19:34

BUG BOUNTY: UNDERSTANDING PROTOTYPE POLLUTION VULNERABILITY | 2023

How you can 0:01:13

How you can hack a website with prototype pollution

Prototype Pollution | 0:05:07

Prototype Pollution | FooBar CTF | CTF For beginners

Web Hacking -Server-Side 0:10:06

Web Hacking -Server-Side Prototype Pollution

🇫🇷 PROTOTYPE POLLUTION 0:28:05

🇫🇷 PROTOTYPE POLLUTION

Комментарии
Автор

amazing video and challenge, never been screwed over so badly by a dot

sgrumx
Автор

wow....this is rare javascript jem for me!!!!

tthtlc
Автор

Por favour, please...just 1 video covering writing reports..us newbies to legal hacking need it..

camelotenglishtuition