DO NOT USE alert(1) for XSS

DO NOT USE alert(1) for XSS

Channel:
United States LiveOverflow
Subscribers:
920,000
Published on ● Video Link: https://www.youtube.com/watch?v=KHwVjzWei1c


Duration: 12:16
150,504 views
8,690

... and use alert(document.domain) or alert(window.origin) instead.

Blog post: https://liveoverflow.com/do-not-use-alert-1-in-xss/

Sponsored by Google for their Bug Hunter University: https://bughunters.google.com/learn/invalid-reports/web-platform/xss/5108550411747328

00:00 - Intro
00:47 - Why Do We Use Alert(1) for XSS?
02:25 - alert(1) Popup is NOT Proof of a Vulnerability!
03:07 - Invalid XSS Example 1 on Blogger
04:43 - Sandbox Subdomains
06:27 - Sandboxed iframes
08:29 - Invalid XSS Example 2 on Google Sites
09:50 - Why Should You Care About Invalid XSS Issues?
10:55 - Summary
11:55 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/



Other Videos By LiveOverflow


2021-10-17Fuzzing Heap Layout to Overflow Function Pointers | Ep. 11
2021-10-06Video Essay about the Security Creator Scene
2021-09-26Did you really find a vulnerability in Google? - ft. @PwnFunction
2021-09-19Developing a Tool to Find Function Pointers on The Heap | Ep. 10
2021-09-12What Ethereum Smart Contract Hacking Looks Like
2021-09-04Discussing Heap Exploit Strategies for sudo - Ep. 09
2021-08-28"Controversial Security" // BSides Berlin 2021
2021-08-26using z3 to reverse a custom hash during a CTF be like #shorts
2021-08-19can you hack this screenshot service?? - CSCG 2021
2021-08-11C Code Review - Reaching Vulnerable Code in sudo | Ep. 08
2021-07-31DO NOT USE alert(1) for XSS
2021-07-24Understanding C Pointer Magic Arithmetic | Ep. 07
2021-07-17Crazy Steam Phishing Page
2021-07-10What is a Browser Security Sandbox?! (Learn to Hack Firefox)
2021-07-02Root Cause Analysis With AddressSanitizer (ASan) | Ep. 06
2021-06-25Found a Crash Through Fuzzing? Minimize AFL Testcases! | Ep. 05
2021-06-18Understand Security Risk vs. Security Vulnerability!
2021-06-11Finding Buffer Overflow with Fuzzing | Ep. 04
2021-06-04Hacker Culture Meritocracy?
2021-05-22Troubleshooting AFL Fuzzing Problems | Ep. 03
2021-05-15Pentesting vs. Bug Bounty vs. Pentesting ???


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
bug bounty
google vrp
bug report
alert(1)
xss
cross site scripting
window.location
document.origin
bugbountytips
#bugbountytips
bug hunter
web security
client-side security
ethical hacking
sandbox domain
sandboxed domain
cross-site scripting