The Age of Universal XSS

preview_player
Показать описание
In August 1996, Internet Explorer joined the JavaScript security scene after they added JScript. During this era from around 1996-2000, tons of bugs were found what we would call today "Universal Cross-site Scripting". I find this word confusing, but looking back at the history, we can try to make sense of it.

Episode 03:
00:00 - Intro to the "Age of Universal XSS"
01:16 - JavaScript Security in Netscape 1996
01:52 - JScript Vulnerability in Internet Explorer
03:38 - Georgi Guninski: IE can read local files (1998)
05:12 - Who is Georgi Guninski?
06:36 - Georgi Guninski: IE 5 circumventing cross-frame security policy
09:41 - David Ross from Microsoft about Georgi
10:16 - "Cross-Frame" Browser Bugs
11:17 - Universal Cross-Site Scripting
12:15 - Outro

-=[ ❤️ Support ]=-

-=[ 🐕 Social ]=-

  1. LiveOverflow
  2. Live Overflow
  3. liveoverflow
  4. hacking tutorial
  5. how to hack
  6. exploit tutorial
Рекомендации по теме
The Age of 0:12:35

The Age of Universal XSS

$750 Bounty for 0:00:11

$750 Bounty for Universal XSS | BRAVE

Universal XSS, Open 0:00:40

Universal XSS, Open redirect in HackerOne unofficial Android App

XSSPwn - Cross 0:05:35

XSSPwn - Cross Site Scripting XSS Automatic Scanner

XSS: How To 0:06:00

XSS: How To Look For XSS - HackALong

Why proofing impact 0:04:47

Why proofing impact for every XSS is 'dumb' - Bug Bounty Reports

XSS History and 0:13:38

XSS History and Conclusion - Jim Manico

Do you know 0:13:42

Do you know what XSS is?

The Origin of 0:14:21

The Origin of Cross-Site Scripting (XSS) - Hacker Etymology

November 9, 2022 0:00:16

November 9, 2022

Tracking Origins of 0:00:16

Tracking Origins of Hackers Start Gmail on iPad XSS 20191001

Easy Way To 0:00:55

Easy Way To Find cross-site scripting (xss) | #shorts #shortsvideo | #bugbounty

Script Gadgets! Google 0:18:57

Script Gadgets! Google Docs XSS Vulnerability Walkthrough

🏃💨 Subway Surfers 0:01:06

🏃💨 Subway Surfers - Official Launch Trailer

What is XSS/Cross-Site 0:09:40

What is XSS/Cross-Site Scripting? // Featuring XSS Rat

The Same Origin 0:12:19

The Same Origin Policy - Hacker History

The Future Of 0:00:58

The Future Of Hacking #shorts

The Three JavaScript 0:11:59

The Three JavaScript Hacking Legends

Dani & Gigi 0:00:46

Dani & Gigi -Move In

DEF CON 30 0:39:55

DEF CON 30 - Dongsung Kim - CSRF Resurrections Starring the Unholy Trinity

Seatbelts for Web 0:51:32

Seatbelts for Web App (Security Headers)

XSS-уязвимости 1:02:02

XSS-уязвимости

Diana and Roma 0:31:14

Diana and Roma Funny Kids Adventure stories / Video compilation

Комментарии
Автор

This series of historic web vulnerabilities is amazing

lucho
Автор

I understand nothing about coding or anything but this guy still entertains me.

Techsplosion
Автор

this is a great series! I love the historical look at vulnerabilities

JoeyRH
Автор

Ich habe heute deinen Stream mit John gesehen und bin sehr beeindruckt. Ich danke dir, dass du deine Zeit spendest um Youtube Videos zu erstellen und dein Wissen zu teilen.

rainerzufall
Автор

Thanks for sharing these videos. It gives a super importa view ln modern technologies and all the craziness involved

motbus
Автор

Didn't know they still had Windows 95 in the year "19997".

krusic
Автор

God damn, these are legends, the last hack was insane .

damejelyas
Автор

The early age of browser security or lackthereof :)

Wyvernnnn
Автор

I may be more interested in how they discovered these vulnerabilities at the time. Presumably they have a good understanding of the operating principle of the browser framework or the operating method of JavaScript.

wildcodedeveloper
Автор

Wieder ein grandioses video. Ich bin gespannt wenn wir die spannende zeit mit csrf und xss auf myspace ankommen (durch samys grandiosen wurm). Und firsheep, womit man im wep lan per firefox plugin automatisch in anderen social networks eingeloggt war. Herrliche zeit. 😅

chrizzzly_hh
Автор

I miss these good old times very much..

Haxelrd
Автор

i really apreciate your help with dowloanding this software

zanarxhy
Автор

‘Most of you know what reflected or stored XSS is’ I’m sorry but I have no idea what on earth that is

Techsplosion
Автор

Nice series. Takes you back in time. Kinda reminds you why we are still the white hats. Even tho there are millions to be made on dark side, but we still choose the light, bad salary and imposter syndrome.

xAnomaly
Автор

Microsoft didn't have any brower security at this time. There was ActiveX after all. That's remote code execution by design!

rogirwin
Автор

This is the kind of history they should be teaching in

BlackHermit
Автор

What do you think about making a video that debates the use of modern anti cheat software (such as Riot Vanguard) with regards to security? When it got introduced I read a lot of cricism online about how it could be used to hack your computer, and I wonder how realistic or how practical this really is.

niki
Автор

I rememeber the times. Took two bloody decades to more or less clean up that mess.
Seemed hopeless. And I'm still not convinced it was all worth it.

TilmanBaumann
Автор

The opener cap is a security grant, and if the designers of the DOM API had thought in these terms, we would have avoided these vulnerabilities. It's painful to think that we went down the wrong path (in SOP), and there's no sign of turning back.

capability-snob
Автор

Where did you find such an old image of windows, to install in a vm ? ps : very interesting information, currently doing my own research.

MADhatter_AIM