We learn about simple PHP web apps and why it's so common for PHP applications to have XSS issues. It's all about shitty tutorials.

Showing off some cross-site scripting techniques and looking at the Chrome XSS Auditor.

Reading from the famous paper "The Confused Deputy" by Norm Hardy and making a connection to modern web vulnerabilities like XSS and CSRF.

Introduction to AngularJS {{expressions}}. The next videos will be about bypassing AngularJS expressions in v1.0.8 to gain XSS.

Bypassing the AngularJS Sandbox for version 1.0.8 to get XSS.

Testing the old bypass from version 1.0.8 on a new version 1.4.7 where it's fixed, to prepare for a different bypass.

Walkthrough of the sandbox bypass for version 1.4.7 by Gareth Heyes that leads to XSS in AngularJS.


Cross-Site Scripting (XSS) is a powerful web vulnerability. A lot of XSS issues are lame and easy to find, but it can get very complex, for example when sandboxes like the one in AngularJS are used.