Dawid Mazurek, Szymon Pach: Leveraging XSS payloads and file formats | assurance 2023

youtube.com 1 rok temu


"Hacking with polyglots: Leveraging XSS payloads and file formats"

A polyglot is simply a program or code that can be interpreted or compiled by multiple programming languages, frequently without requiring modifications to the code itself. It refers to the ability of a part of software or code to "speak" multiple languages. For example, a PNG file of a cat that can besides be run as PHP code, or a part of code can be executed by 3 different languages, specified as C, PHP, and Bash, or how a peculiarly crafted XSS payload can exploit vulnerabilities in multiple web languages simultaneously.

In this lecture, we will present what a polyglot is, how to craft specified code or file, how to usage them, and how dangerous they can be with any hands-on examples.

https://confidence-conference.org/