Comments:
Fantastic! I was incredibly frustrated only to find out I used MY ID instead of the actual lab ID LOL Thought that would be funny to mention.
Hey, your analysis is wrong. The problem isn't contains(), it's where the user input ends up, inside jQuery selector $(); Proof of concept is simple, in the console, do this
$("<img src=1 onerror=alert(1)>");
best👍👍👍👍👍
Without your help, I struggled with this lab. Not convinced it should be 'apprentice level' on PortSwigger. Thank you for your help.
Thank you for the explanation that provides some context to all this!
Wow, this is amazing! I solved this box but without really knowing what I was doing, but now your video makes it all clear! Big thx :)
Why was the lab solved only by iframe?
Great explanation! How can we effectively analyze the js code? It contains so much data and functions
It's a bit difficult to understand, brother. Could you explain in simple terms? Even though I work in cybersecurity, this is a bit tough.😁
This is a good video!!
You are underrated
Thank you for giving us some high level octane knowledge! You're the best!
Thank you for the clear and very informative video.🎉🎉
Man, this one was super annoying
great explanation, thanks mate
Why was this in the apprentice level though... it's actually harder than most apprentice labs in XSS sections
Very precise explanation, why do we need that iframe code?
Awesome explanation, thanks mate!