Cracking Websites with Cross Site Scripting - Computerphile

that's why i tried breaking things lol

The best and simplest explanation ever in XSS :)

The ending <computerphile> doesn't have a dash because you are supposed to binge the next 20 computerphile videos after it...

I saw a video where someone explained how to gain (control) of /root; using this method on the most secure linux systems through a stack buffer overflow (overloading the system memory in a way that lets them right whatever they choose). /root on a systme = god

Discord forgot about XSS on their new servers page and someone used it to steal accounts 😂

Run JavaScript! Run!

I want these guys to talk about what the hell we experienced on the internet with 2020

Watching this in 2022 and this still feels so relevant.

🤓

My god...Tom Scott is GOAT

I wish I saw this video years ago

I just accidentally crashed the website of my mothers business. I thought searching for "<i>kast" (dutch for closet) wouldn't do anything...turns out it did, and the site is down Edit: turns out it's only on the wifi that i'm on (I guess it has something to do with IP-adresses?) so that's a relief.

Nice

Looking at his pseudo-code: “That’s vaguely sensible” // ❤️

great explanation

Did he use Rick Astley 7 years ago?

"Someone comes along and invents JavaScript."
It would be nice if you gave him credit. It was Brendan Eich.

Nice

Am i too late?

I will learn it

JavaScript is Dangerous 😬

does this work <b> hello </b>

It’s 2020 is css still the biggest vulnerability of websites?

<b> text </b>

<b> wow </b>

so basically this is SQL injection but with javascript

you should know this

Written on DOT MATRIX paper! Brilliant! :)

no

<script>alert("hello")</script>

Amazing explanations Tom. Thank you very much dude.

How would you address the company? Would you tell them upfront, or mention something needs to be fixed?

So who else tried typing <i> on google ?

what about css

Tom “You should know this” Scott

<marquee>Wheeeeeee</marquee>

This channel makes me feel like a numberphile from another dimension has crashed into ours

nice

Great explanation. Thanks!!

I would also tell a bit about other ways javascript can get into your page like ads and etc

I'm a BS Physics student(first year) I really want to learn more about Cyber Security, I want to shift but I would waste my scholarship so yeah I'm watching your videos...Thank you!

Well explained, but he didn't specify any concrete technique for executive such an attack (possibly intentional).
Though, explains the mechanics well enough that one could figure it out. ☺️

Tom explains this in 8 mins better than my Network security professor in an entire lecture

i + 1 = 2

The three ugly sisters of software development:
* HTML
* CSS
* JavaScript

It is so easy to forget (to end/close a tag), or they do it on purpose ... and not for free ...

Oooooorrrr, you can command JavaScript to create web upload form and upload a php file with your filemanager shell and you can modify, add, or delete contents on the pages! 😁

This works

let's try it
woah it worked!