Vuln App #1
CGX#11: Cross Site Scripting (Training, CGX, Exploit)
CGX: SQL Injection
Hello future Hackers,
In this tutorial you will learn a tiny bit about XSS.
There is a little training challenge waiting for you, which we will dicuss in the video.
You can see the source of the vulnerable application under mask1.code
You can play with it a bit, like we did in the video, and the solution is the name of the php function that you can use to display userinput safely.
Greetings
- gizmore and x
In this tutorial you will learn a tiny bit about XSS.
There is a little training challenge waiting for you, which we will dicuss in the video.
You can see the source of the vulnerable application under mask1.code
You can play with it a bit, like we did in the video, and the solution is the name of the php function that you can use to display userinput safely.
Greetings
- gizmore and x
Vuln App #1
This video introduces you to the concepts of
[Cross Site Scripting / XSS](https://owasp.org/www-community/attacks/xss/)
We will exploit a very simple XSS vuln single page application.
Please excuse us being clueless, cracking is an art ;)
ToC:
- What is XSS?
- Quotes again (hopefully)
- How to output user input?
- Charset awareness
- Other techniques (HTTP Header injection? URL injection?)
- Is Cross-Site-Scripting mostly Dead?