Cracking Websites with Cross Site Scripting – Computerphile

100 thoughts on “Cracking Websites with Cross Site Scripting – Computerphile”

  1. So you are basically adding scripts in input boxes where the designers never intended you to be able to do that, just like XML injection, but with JavaScript.
    Why is it called cross site scripting then? There is only one site involved in this process, right? For me the name implied that you scripted something from one site to another, somehow.

  2. <computerphile> should be <computerphile/> for a single-tag element, not </computerphile> as most people will suggest, because the latter is the closing tag for a double-tag element.

  3. JavaScript is a client-side language. How can you possibly use it to steal a password from a server-side language that's, for instance, PHP??? Am confused

  4. "That's JavaScript code! I'm gonna run that!"

    Gotta love the childlike enthusiasm of this personification of web browsers.

  5. To sum up the long debate which took place in my last comment:
    either use <strong></strong> or better, don't use bold text.
    Thank you.

  6. So Wikipedia describes him as a comedian to which I agree, but… Does he have a Masters in computer science or a title alike? He's got an amazing skill to explain complex stuff!

  7. Great description of unauthorized JavaScript execution, but I didn't quite get what was the "cross site" part of this.

  8. I've tossed around the idea of creating my own language, and one of the ideas I had was that, when doing input, rather than getting Strings, you'd get, say, Untrusted<String>. And it would warn you wherever you just naively grab the String out of it without processing it properly.

  9. Obv, instead of making a closing tag at the end of each video, you should have just put like 2000 closing brackets cascading at the end of the video if the channel ever officially shuts down

  10. It's almost like script and content shouldn't be mixed in the same document… but then we'd have to reconsider 30 years of WWW standards.

  11. When Tom says he types into the Google search bar some code, what kind of code is he talking about? For example could someone show me what form this code takes in the comments?

  12. How can script posted via text field by one user affect another user? Doesn't script run only for user who posted the script in his browser? How does it magically infect and get out?

  13. How do all of these guys have dot matrix printer paper on this channel. LOL. I haven't seen it since the 90s! Well actually I've seen it in 3-4 videos here on Computerphile now, but other than that–the 90s!

  14. 12 grand for finding XSS vulnerability in the biggest social media platform that currently exists.. Sweet.. I think you could get more if you sold it on some forum.

  15. But how can you influence the web page of others by just modifying script on the page you were sent? You can modify whatever you want, but when another person will send a request to the site, it will send them back the original page, without any of the modification you applied. Am I wrong?

  16. If instead of using a sheet of paper and your "scribbles" you did a demonstration, directly on the internet, to prove that this is true, perhaps it would have some credibility. Here in Brazil we usually say that "paper accepts everything".

  17. Oooooorrrr, you can command JavaScript to create web upload form and upload a php file with your filemanager shell and you can modify, add, or delete contents on the pages! 😁

  18. Well explained, but he didn't specify any concrete technique for executing such an attack (possibly intentional).
    Though, explains the mechanics well enough that one could figure it out. ☺️

  19. I'm a BS Physics student (first year). I really want to learn more about Cyber Security, I want to shift but I would waste my scholarship so yeah I'm watching your videos… Thank you!
