Cross-Site Scripting via Client-Side Path Traversal and DOM Clobbering - A Web Security Tutorial

CryptoCat via YouTube

Overview

Learn how to exploit web security vulnerabilities through a detailed walkthrough video of the "Safe Notes 2.0" challenge from Intigriti's 1337UP LIVE CTF 2024. Explore advanced web security concepts including DOM Clobbering, client-side path traversal (CSPT), and open redirect vulnerabilities to achieve cross-site scripting (XSS) attacks. Follow along with source code review, attack planning, HTML injection techniques, and step-by-step exploitation methods to understand how seemingly secure applications can be compromised. Gain practical insights into identifying and chaining multiple vulnerabilities together, with demonstrations of DOM manipulation, path traversal mechanics, and payload construction. Perfect for security researchers, CTF participants, and web developers looking to better understand modern web application security challenges and defense strategies.

Syllabus

Intro
Source code review
Attack plan
HTML injection
DOM clobbering
Client-side path traversal
Identify useful endpoint for CSPT
More DOM clobbering
XSS
Conclusion

Taught by

CryptoCat
