oh damn so many dislikes 🙈😂 i made this entire DVWA video series over a weekend with very little prep and before i learned how to make videos properly. apologies for any quality issues/mistakes, hopefully my newer videos are much better 🥰
Dude don't apologize these are great
@vacumecleaner 🙏🥰
Bro u doing a good work actually, there is no video till now for complete dvwa, Thanks a ton man!! Btw how was India?
Thanks mate 🙏🥰 Been to India a couple of times, love it!! Can't wait to get back 🙂
Question, why does putting code in the callback= work? Is it only JavaScript code that we can inject? What else can we do here? Can we make the page redirect?
been a little while since i did this now but you should be able to use any JS code there, see some examples here which include page redirect: book.hacktricks.xyz/pentesting-web/content-security-policy-csp-bypass#third-party-endpoints-jsonp
for a little more info about JSONP and security issues: vulncat.fortify.com/en/detail?id=desc.semantic.dotnet.javascript_hijacking_jsonp
@_CryptoCat Exactly what I was looking for, I should have known to check hacktricks! Thanks mate!
Random, but how old are you? You sound very young but have done an internship abroad in 2014 :O
mmm yeh i get that a lot xD im 31 🧙‍♂️ thanks for reminding me!!
i know what self xss is...
but don't understand self xss ))))