In this video we will #explain exploiting the XSS #vulnerability in website #penetration testing
and how you can #exploit this vulnerability to carry out a successful #attack.
We will do a #practical #application by #solving portswigger #labs.
In this video we will cover an introduction to #Cross_Site_Scripting (XSS) to give you an overall idea of what #XSS is, how to identify an XSS #vulnerability entry point, and some XSS #exploitation #techniques to help build a #hacking #methodology. We will solve #portswigger #labs to strengthen your knowledge.
⭐️ Walkthrough contents ⭐️
1- Reflected XSS into HTML context with nothing encoded
2- Stored XSS into HTML context with nothing encoded
3- DOM XSS in document.write sink using source location.search
4- DOM XSS in document.write sink using source location.search inside a select element
5- DOM XSS in innerHTML sink using source location.search
6- DOM XSS in jQuery anchor href attribute sink using location.search
7- DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
8- Reflected DOM XSS
9- Stored DOM XSS
10- Exploiting cross-site scripting to steal cookies
11- Exploiting cross-site scripting to capture passwords
12- Exploiting XSS to perform CSRF
13- Reflected XSS into HTML context with most tags and attributes blocked
14- Reflected XSS into HTML context with all tags blocked except custom ones
15- Reflected XSS with event handlers and href attributes blocked
16- Reflected XSS with some SVG markup allowed
17- Reflected XSS into attribute with angle brackets HTML-encoded
18- Stored XSS into anchor href attribute with double quotes HTML-encoded
19- Reflected XSS in canonical link tag
20- Reflected XSS into a JavaScript string with single quote and backslash escaped
21- Reflected XSS into a JavaScript string with angle brackets HTML-encoded
22- Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped
23- Reflected XSS in a JavaScript URL with some characters blocked
24- Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped
25- Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped
26- Reflected XSS with AngularJS sandbox escape without strings
27- Reflected XSS with AngularJS sandbox escape and CSP
28- Reflected XSS protected by CSP, with dangling markup attack
29- Reflected XSS protected by very strict CSP, with dangling markup attack
30- Reflected XSS protected by CSP, with CSP bypass
Links
Web Security Academy: [ Link ]
XSS Cheat Sheet: [ Link ]...
⭐️Social⭐️
To get all the latest updates, join our group:
[ Link ]
⭐️ Tags ⭐️
-Cross Site Scripting
-XSS
-Web Penetration Testing
-Website vulnerabilities
-XSS vulnerability explained