XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020

Channel:

Subscribers:

920,000

Published on September 18, 2020 3:51:45 PM ● Video Link: https://www.youtube.com/watch?v=9ecv6ILXrZo

Duration: 13:40

49,902 views

2,235

Try chatting with tech support about getting a flag. There is a very easy XSS in the support chat, but the problem is, the XSS is on the wrong domain. So we can't easily grab the flag.

Challenge: https://capturetheflag.withgoogle.com/challenges/web-typeselfsub
Tech Support: https://typeselfsub.web.ctfcompetition.com/

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Don't spend money on courses

Other Videos By LiveOverflow

2021-01-10	Kernel Root Exploit via a ptrace() and execve() Race Condition
2020-12-24	IT Security Career Advice
2020-12-01	My Life in Short/Shirt Stories - The Time I Learned PenSpinning (~2007-2009) - Shirt Stories #1
2020-11-26	Solving Nintendo HireMe!!! with "Basic" Math
2020-11-19	Nintendo Hire me!!!!!!!!
2020-11-07	How Hacking Actually Looks Like - ALLES! CTF Team in Real Time
2020-10-26	What is a File Format?
2020-10-18	Guessing vs. Not Knowing in Hacking and CTFs
2020-10-08	Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020
2020-09-28	Failed DOM Clobbering Research - All The Little Things 1/2 (web) Google CTF 2020
2020-09-18	XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020
2020-09-09	XSS a Paste Service - Pasteurize (web) Google CTF 2020
2020-09-01	Why Hackers Love the Number 1,094,795,585
2020-08-25	FPGA simulated on a GPU - GPURTL Google CTF Finals 2019 (reversing)
2020-08-21	Winners of Google Capture-The-Flag Finals 2019 🏳️
2020-08-16	Defusing a Bomb at Google London HQ - Having a Blast Google CTF Finals 2019 (hardware)
2020-08-12	Google CTF Finals 2019!
2020-08-08	Bug Hunter Talks & Init.G for Student - Escal8 2019 Day 2
2020-07-31	Script Gadgets! Google Docs XSS Vulnerability Walkthrough
2020-07-21	VLC Kill Bill: Easter Egg Reverse Engineering
2020-07-08	MMO Hacking Game Design in Unity (IL2CPP) - Game Devlog #4

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

google ctf

capture the flag

tech support

web challenge

xss

cors

cross domain

self-xss

bug bounty

cross site scripting

cross-site scripting

CSRF

cookie domain

steal flag

captcha

recaptcha

googlectf

cross-site

same origin policy

sop

caching

fetch