正在加载视频...

视频加载失败

返回首页

Somehow, Chrome 130+ started parsing the hostname from javascript URLs again and this can be used for a constrained XSS 🤯 This was the second solution for the recent CTF challenge.

0xacb's profile picture

André Baptista

17,825 subscribers

24,966 次观看 • 1 年前 •via X (Twitter)

新闻政治科学技术
LIVE

Anya Rossi• Live Now

Private livecam show

10 条评论

André Baptista 的头像
André Baptista1 年前

Deeplinks could also be used in this CTF to leak the secret, e.g. evilapp://legit.ethiack.ninja

André Baptista 的头像
André Baptista1 年前

Also, this doesn't work on Firefox

Francisco Neves 的头像
Francisco Neves1 年前

I wonder if other Safari tricks are now working on Chrome as well

𝔐Ǿʄț𝔄𝕭𝔄 𝔖a𝔐𝖀ℛ𝔄𝕴 的头像
𝔐Ǿʄț𝔄𝕭𝔄 𝔖a𝔐𝖀ℛ𝔄𝕴1 年前

intresting🧐

mobin 的头像
mobin1 年前

good tip, thanks for sharing this content😍

payphone 的头像
payphone1 年前

What is the box with the countdown timer thing in it, on the left?

André Baptista 的头像
André Baptista1 年前

It's just

YmV2ZW4K== 的头像
YmV2ZW4K==1 年前

How were you selecting the versions is it a plugin or feature?

André Baptista 的头像
André Baptista1 年前

Check @browserling!

Alex Roqo 的头像
Alex Roqo1 年前

Very interesting

相关视频

Was the recent Texas flood produced artificially? Rainmaker CEO Augustus Doricko says “no,” and contends the technology can actually be used for good.
4:37

Was the recent Texas flood produced artificially? Rainmaker CEO Augustus Doricko says “no,” and contends the technology can actually be used for good.

Dinesh D'Souza

89,469 次观看 • 11 个月前

Give us suggestions for this year's TYASTI! All three of us can play, or it can be another two person challenge. Last year, Jake teed off from the tees and Joez started on the edge of the green
0:37

Give us suggestions for this year's TYASTI! All three of us can play, or it can be another two person challenge. Last year, Jake teed off from the tees and Joez started on the edge of the green

Talkin' Yanks

119,405 次观看 • 3 个月前

#8 Laying on Lindsey and Camilla's laps ... and getting smooshed July challenge for a small video project a day. I should've just used the second from yesterday as this one :D I'm a glutton for ~~inflation via bubblegum~~... :D haha
0:35

Sensitive content

#8 Laying on Lindsey and Camilla's laps ... and getting smooshed July challenge for a small video project a day. I should've just used the second from yesterday as this one :D I'm a glutton for ~~inflation via bubblegum~~... :D haha

Thiridian & Lindsey

34,191 次观看 • 1 年前

Clean water was delivered again today — the second consecutive day — to displaced families in Gaza by the CareFor Gaza team. Grateful for this vital support, but the continued need underscores the urgency of a lasting solution.
2:01

Clean water was delivered again today — the second consecutive day — to displaced families in Gaza by the CareFor Gaza team. Grateful for this vital support, but the continued need underscores the urgency of a lasting solution.

Care For Gaza

28,807 次观看 • 9 个月前

This was so bad for $NVDA as Satya said MSFT is no longer chip supply but power constrained. Oh wait, it was from 2024. Satya said this again on the same BG2 podcast 2 days ago and people are now all over it again.
1:35

This was so bad for $NVDA as Satya said MSFT is no longer chip supply but power constrained. Oh wait, it was from 2024. Satya said this again on the same BG2 podcast 2 days ago and people are now all over it again.

The AI Investor

244,814 次观看 • 7 个月前

Stop and watch this. The collective consciousness is powerful and can be used for good.
1:30

Stop and watch this. The collective consciousness is powerful and can be used for good.

Omid Djalili

1,049,880 次观看 • 2 年前

I can finally share my boards for Jentry Chau vs the Underworld! This sequence got cut down a bit (probably due to time T_T) but it was a fun challenge to get used to the characters and feel for the show. #JentryChauVsTheUnderworld
1:55

I can finally share my boards for Jentry Chau vs the Underworld! This sequence got cut down a bit (probably due to time T_T) but it was a fun challenge to get used to the characters and feel for the show. #JentryChauVsTheUnderworld

Andrew Minghee Kim

23,500 次观看 • 1 年前

The Phoenix Park Ashtown Gate Junction needs a total redesign. And while this is being proposed under BusConnects, it will take some time for this to be built, and so an interim solution will soon be implemented by the local councils. Myself and Feljin Jose have been working on this in recent years and will be looking for feedback on the interim solution once it's implemented in a few weeks time. Watch this space!
0:42

The Phoenix Park Ashtown Gate Junction needs a total redesign. And while this is being proposed under BusConnects, it will take some time for this to be built, and so an interim solution will soon be implemented by the local councils. Myself and Feljin Jose have been working on this in recent years and will be looking for feedback on the interim solution once it's implemented in a few weeks time. Watch this space!

Roderic O’Gorman TD

51,602 次观看 • 1 年前

For many, a trip to the dentist can be nerve-wracking. This California doctor found a solution with four legs and a tail.
2:00

For many, a trip to the dentist can be nerve-wracking. This California doctor found a solution with four legs and a tail.

CBS Evening News with Tony Dokoupil

16,747 次观看 • 4 个月前

We saw close to 130 public high school students give their lives to Jesus today! 🤯 There were two lunches, this was the second one. Watch for yourself as hundreds of students heard the gospel and responded…
0:22

We saw close to 130 public high school students give their lives to Jesus today! 🤯 There were two lunches, this was the second one. Watch for yourself as hundreds of students heard the gospel and responded…

Ross Johnston

94,683 次观看 • 4 个月前

Be a part of the solution and not the problem. Don't be a condemner. Make allowances for people’s weaknesses. Make room for people to be human. Be inspired by this message from Joel, "Be a Safe Place".
0:21

Be a part of the solution and not the problem. Don't be a condemner. Make allowances for people’s weaknesses. Make room for people to be human. Be inspired by this message from Joel, "Be a Safe Place".

Joel Osteen

30,983 次观看 • 1 年前

Schools are *not* ready for this: -Open homework in google chrome -Right click and go to "search with google lens" -Google lens pops up on the right side and answers the question Massive implications for homework. This was an Isaac physics "A level challenge 2" question.
0:26

Schools are *not* ready for this: -Open homework in google chrome -Right click and go to "search with google lens" -Google lens pops up on the right side and answers the question Massive implications for homework. This was an Isaac physics "A level challenge 2" question.

Peter Edmunds 🦄

52,473 次观看 • 8 个月前

2024 was one for the history books. This summer let’s do it again, let's Challenge The Game! #EWC2025
1:06

2024 was one for the history books. This summer let’s do it again, let's Challenge The Game! #EWC2025

Shifters

94,373 次观看 • 1 年前

Watch this!! 🤯🤯 Refs knew the ball was off OKC, and San Antonio coach Mitch Johnson calls for the challenge while the ref still had the ball, and they told him NO!! 😳 🔥😠 IS THIS ACTUALLY RIGGED!?
0:22

Watch this!! 🤯🤯 Refs knew the ball was off OKC, and San Antonio coach Mitch Johnson calls for the challenge while the ref still had the ball, and they told him NO!! 😳 🔥😠 IS THIS ACTUALLY RIGGED!?

HeroOfTheDay

74,417 次观看 • 12 天前

Ollama can now think! 🤔🤔🤔 For thinking models, and especially useful for very thoughtful models like DeepSeek-R1-0528, Ollama can separate the thoughts and the response. Thinking can also be disabled! This is useful for getting a direct response. This works across Ollama's CLI, API, and Python/JavaScript libraries. 🧵 blog post 👇👇👇
1:38

Ollama can now think! 🤔🤔🤔 For thinking models, and especially useful for very thoughtful models like DeepSeek-R1-0528, Ollama can separate the thoughts and the response. Thinking can also be disabled! This is useful for getting a direct response. This works across Ollama's CLI, API, and Python/JavaScript libraries. 🧵 blog post 👇👇👇

ollama

106,183 次观看 • 1 年前

How to build an AI agent from scratch. This is the question I get the most, so I recorded this video to show you from the very beginning how you can get started. You can do this in Python, TypeScript, JavaScript, or Ruby.
30:13

How to build an AI agent from scratch. This is the question I get the most, so I recorded this video to show you from the very beginning how you can get started. You can do this in Python, TypeScript, JavaScript, or Ruby.

Santiago

71,768 次观看 • 1 年前

BenDaDonnn was CONFUSED when this girl asked if the pizza someone from his crew ordered was for everyone — he told her NO and somehow started giving her and her friends fasting advice 😭💀
0:49

BenDaDonnn was CONFUSED when this girl asked if the pizza someone from his crew ordered was for everyone — he told her NO and somehow started giving her and her friends fasting advice 😭💀

ThorDKidd

236,940 次观看 • 6 个月前

This may be the luckiest *bad* shot in all of golf! If you put a ball in play and it somehow ends up back in the teeing area - maybe it ricochets off a tree or you hit a topper - you can tee it up again for your second with no penalty.
0:35

This may be the luckiest *bad* shot in all of golf! If you put a ball in play and it somehow ends up back in the teeing area - maybe it ricochets off a tree or you hit a topper - you can tee it up again for your second with no penalty.

USGA

319,432 次观看 • 25 天前

Phase 2 of the Bad Buildings Committee has started. This particular building used to be a car wash, but the vision is to learn from the likes of The Slow where young emerging entrepreneurs can utilise various spaces for business activity.
0:42

Phase 2 of the Bad Buildings Committee has started. This particular building used to be a car wash, but the vision is to learn from the likes of The Slow where young emerging entrepreneurs can utilise various spaces for business activity.

Kholofelo Morodi

15,175 次观看 • 6 个月前