Fuzzing Browsers for weird XSS Vectors

Channel:

Subscribers:

920,000

Published on April 14, 2019 9:51:20 AM ● Video Link: https://www.youtube.com/watch?v=yq_P3dzGiK4

Duration: 9:16

68,031 views

2,680

We have a look at another interesting XSS vector due to weird Firefox parsing, and then explore how researchers find this stuff.

Gareth's tweet: https://twitter.com/garethheyes/status/1112661895067156481
insertScript's vector: http://shazzer.co.uk/vector/lt-eating-char

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🔴 Stuff I use ]=-

→ Microphone:* https://geni.us/ntg3b
→ Graphics tablet:* https://geni.us/wacom-intuos
→ Camera#1 for streaming:* https://geni.us/sony-camera
→ Lens for streaming:* https://geni.us/sony-lense
→ Connect Camera#1 to PC:* https://geni.us/cam-link
→ Keyboard:* https://geni.us/mech-keyboard
→ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

Other Videos By LiveOverflow

2019-06-16	Building an 8-Bit Computer From Scratch
2019-06-16	WebKit RegExp Exploit addrof() walk-through
2019-06-09	Just-in-time Compiler in JavaScriptCore (WebKit)
2019-06-02	The Butterfly of JSObject
2019-05-26	Hacking Browsers - Setup and Debug JavaScriptCore / WebKit
2019-05-19	New Series: Getting Into Browser Exploitation - browser 0x00
2019-05-12	The Origin of Script Kiddie - Hacker Etymology
2019-05-05	Unpacking Redaman Malware & Basics of Self-Injection Packers - ft. OALabs
2019-04-28	Business, Money, 300k Subscribers and What's Next
2019-04-21	GitLab 11.4.7 Remote Code Execution - Real World CTF 2018
2019-04-14	Fuzzing Browsers for weird XSS Vectors
2019-04-07	How did Masato find the Google Search XSS?
2019-04-01	[Live] Pen-Testing and Story Time
2019-03-31	XSS on Google Search - Sanitizing HTML in The Client?
2019-03-24	Weird Return-Oriented Programming Tutorial - bin 0x2A
2019-03-17	Introducing Weird Machines: ROP Differently Explaining part 1 - bin 0x29
2019-03-10	Ethereum Smart Contract Backdoored Using Malicious Constructor
2019-03-06	[Live] GHIDRA HYPE!! - NSA Reverse Engineering Tool
2019-03-03	Rediscovering the f00dbabe Firmware Update Issue - Hardware Wallet Research #7
2019-02-24	Analysing a Firefox Malware browserassist.dll - FLARE-On 2018
2019-02-17	What is a Security Vulnerability?

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

xss

gareth heyes

insertscript

xss vector

browser fuzzing

innerhtml

javascript

cross-site scripting

parsing

parser

html parser

security research

alert(1)

onerror

masato