Failed DOM Clobbering Research - All The Little Things 1/2 (web) Google CTF 2020
All The Little Things was a pretty hard web challenge from the Google CTF 2020. In this video we do some initial recon and research and try to find an angle to attack. Part 1/2.
00:00 - Intro 00:50 - Functionality Overview 01:29 - HTML Injection 02:25 - Making a Plan 02:50 - theme.js Discovering JSONP Endpoint 03:51 - user.js The User Class 04:23 - utils.js Start of Chain 04:44 - No Ideas... 05:07 - DOM Clobbering: window.load_debug 06:05 - Doing Security Research 07:25 - Anything else to clobber? 07:49 - Start from beginning, discover __debug__ 08:10 - The load_debug() function 09:20 - window.name is special 09:41 - Try it yourself! 10:00 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join