2022-09-23

[public] 9.5K views, 2.37K likes, dislikes audio only

LiveOverflow

In August 1996, Internet Explorer joined the JavaScript security scene after they added JScript. During this era from around 1996-2000, tons of bugs were found what we would call today "Universal Cross-site Scripting". I find this word confusing, but looking back at the history, we can try to make sense of it.

Jabadoo Security Hole in Explorer 4.0: https://seclists.org/bugtraq/1997/Oct/85

Aleph One on Jabadoo: https://seclists.org/bugtraq/1997/Oct/87

Georgi Guninski "IE can read local files": https://seclists.org/bugtraq/1998/Sep/47

Georgi's Resume (HIRE HIM!): https://j.ludost.net/resumegg.pdf

"Cross-frame security policy": https://seclists.org/bugtraq/2000/Jan/93

Episode 01 - First JS Bug: /youtube/video/bSJm8-zJTzQ

Episode 02 - Three JS Security Researcher: /youtube/video/VtcA58555lY

Episode 03:

00:00 - Intro to the "Age of Universal XSS"

01:16 - JavaScript Security in Netscape 1996

01:52 - JScript Vulnerability in Internet Explorer

03:38 - Georgi Guninski: IE can read local files (1998)

05:12 - Who is Georgi Guninski?

06:36 - Georgi Guninski: IE 5 circumventing cross-frame security policy

09:41 - David Ross from Microsoft about Georgi

10:16 - "Cross-Frame" Browser Bugs

11:17 - Universal Cross-Site Scripting

12:15 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/