Prototype Pollution, reCAPTCHA and XSS - Solution to June '23 Challenge
🏆 The official writeup for the June '23 Challenge. There are at least three possible solutions, all featuring prototype pollution (jquery 2.2.4 - deparam) and XSS 😎
The differences will be outlined in the video, but a quick summary:
1) Intended: Pollute Sanitizer() config to allow unknown markup and the Google reCAPTCHA related attributes.
2) Unintended #1: Use reCAPTCHA (srcdoc, like intended) as a gadget without changing Sanitizer config (pollute sitekey).
3) Unintended #2: Use jquery script gadgets ($(x).off - delegateTarget), bypassing reCAPTCHA and the domain check.
00:00 Intro
01:55 Enable Sanitizer API in Firefox
02:41 Explore site functionality
03:38 Source code review
08:32 Setup challenge (local environment)
10:06 jquery 2.2.4 deparam prototype pollution
12:45 reCAPTCHA as a gadget
15:01 Pollute Sanitizer() config
18:37 Bypassing the domain check (remote)
20:51 Summary of intended solution
22:04 Bonus: Unintended #1 - reCAPTCHA sitekey pollution
23:17 Bonus: Unintended #2 - jquery script gadgets
25:02 Recap
26:24 Conclusion
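Added example, not code from the video, from jQuery or from the challenge itself: a minimal deparam-style query-string parser that reproduces the bracket-walking bug behind the jquery 2.2.4 deparam pollution, next to a hardened version, plus a stand-in for how an options dictionary such as the one passed to new Sanitizer(config) picks up a polluted Object.prototype. The parser is a constructed approximation of the library behaviour, the payload is constructed, and the option names (allowUnknownMarkup, allowCustomElements) are assumed from the Sanitizer API draft the video targets.

```javascript
// Constructed attacker input: an ordinary parameter plus a bracketed key that
// walks into Object.prototype.
const PAYLOAD = "q=test&__proto__[allowUnknownMarkup]=true";

// "__proto__[allowUnknownMarkup]=true" -> { keys: ["__proto__", "allowUnknownMarkup"], val: true }
function parsePair(pair) {
  const eq = pair.indexOf("=");
  const rawKey = eq < 0 ? pair : pair.slice(0, eq);
  const rawVal = eq < 0 ? "" : pair.slice(eq + 1);
  const key = decodeURIComponent(rawKey.replace(/\+/g, " "));
  const val = decodeURIComponent(rawVal.replace(/\+/g, " "));
  const keys = key.replace(/\]/g, "").split("[");      // "a[b][c]" -> ["a","b","c"]
  const coerced = val === "true" ? true : val === "false" ? false : val;
  return { keys, val: coerced };
}

// Vulnerable (approximation of the deparam pattern): nested keys are reached by
// plain property access. cur["__proto__"] is Object.prototype, already an
// object, so the final assignment lands on the prototype every {} inherits.
function deparamVulnerable(qs) {
  const out = {};
  for (const pair of qs.split("&")) {
    if (!pair) continue;
    const { keys, val } = parsePair(pair);
    let cur = out;
    for (let i = 0; i < keys.length - 1; i++) {
      const k = keys[i];
      if (cur[k] === null || typeof cur[k] !== "object") cur[k] = {};
      cur = cur[k];
    }
    cur[keys[keys.length - 1]] = val;
  }
  return out;
}

// Hardened: drop any pair whose path touches a prototype-reaching key, only
// descend into own properties, and build null-prototype containers so the
// result cannot inherit anything either.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function deparamHardened(qs) {
  const out = Object.create(null);
  for (const pair of qs.split("&")) {
    if (!pair) continue;
    const { keys, val } = parsePair(pair);
    if (keys.some((k) => BLOCKED_KEYS.has(k))) continue;
    let cur = out;
    for (let i = 0; i < keys.length - 1; i++) {
      const k = keys[i];
      const own = Object.prototype.hasOwnProperty.call(cur, k);
      if (!own || cur[k] === null || typeof cur[k] !== "object") cur[k] = Object.create(null);
      cur = cur[k];
    }
    cur[keys[keys.length - 1]] = val;
  }
  return out;
}

// Stand-in for a WebIDL dictionary read (the argument of new Sanitizer(config)):
// each member is fetched with ordinary [[Get]], so inherited values count.
function readSanitizerOptions(config) {
  return {
    allowUnknownMarkup: config.allowUnknownMarkup === true,
    allowCustomElements: config.allowCustomElements === true,
  };
}

// Runs the payload through both parsers and records what a fresh {} config
// looks like at each step; the polluted property is deleted again so the
// process is left clean.
function demo() {
  const before = readSanitizerOptions({}).allowUnknownMarkup;        // false
  const parsed = deparamVulnerable(PAYLOAD);
  const duringAttack = readSanitizerOptions({}).allowUnknownMarkup;  // true
  const leakedIntoParsed = parsed.allowUnknownMarkup;                // true, inherited
  delete Object.prototype.allowUnknownMarkup;
  const afterCleanup = readSanitizerOptions({}).allowUnknownMarkup;  // false
  const safe = deparamHardened(PAYLOAD);
  const afterHardened = readSanitizerOptions({}).allowUnknownMarkup; // false
  return {
    before, duringAttack, leakedIntoParsed, afterCleanup, afterHardened,
    vulnerableQ: parsed.q, hardenedQ: safe.q,
    hardenedOwnsProto: Object.prototype.hasOwnProperty.call(safe, "__proto__"),
  };
}

console.log(demo());
```

In the browser the real sink is the Sanitizer constructor: once Object.prototype carries allowUnknownMarkup, an empty config object handed to it reads as if the page had opted in, which is why the intended solution only needs the deparam write and no change to the page's own config code.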