Overview
Learn how to exploit web security vulnerabilities through a detailed walkthrough video of the "Safe Notes 2.0" challenge from Intigriti's 1337UP LIVE CTF 2024. Explore advanced web security concepts including DOM clobbering, client-side path traversal (CSPT), and open redirect vulnerabilities, which are used to achieve cross-site scripting (XSS). Follow along with source code review, attack planning, HTML injection techniques, and step-by-step exploitation methods to understand how seemingly secure applications can be compromised. Gain practical insights into identifying and chaining multiple vulnerabilities together, with demonstrations of DOM manipulation, path traversal mechanics, and payload construction. The video is suited to security researchers, CTF participants, and web developers looking to better understand modern web application security challenges and defense strategies.
Syllabus
Intro
Source code review
Attack plan
HTML injection
DOM clobbering
Client-side path traversal
Identify useful endpoint for CSPT
More DOM clobbering
XSS
Conclusion
Taught by
CryptoCat