Arfi Tutorials
India
Joined 28 Jun 2021
Welcome to my Bug Bounty journey! I'm a passionate ethical hacker on a mission to uncover security vulnerabilities in the digital world. Through my YouTube channel, I share my exploits, discoveries, and insights on all things Bug Bounty related.
Join me as I navigate the exciting world of ethical hacking, sharing tips and tricks, strategies, and real-world scenarios that will help you sharpen your skills and advance your Bug Bounty career.
I've uncovered critical vulnerabilities in some of the world's most popular websites and applications, earning substantial rewards along the way.
So if you're ready to join me on this thrilling ride, hit that subscribe button and let's get started!
SQL Injection & XSS: How Hackers Exploit Websites
In this video, we dive deep into the world of web security by exploring two of the most common and dangerous vulnerabilities: SQL Injection and Cross-Site Scripting (XSS). Understanding these threats is crucial for developers, IT professionals, and anyone interested in cybersecurity.
How hackers exploit these vulnerabilities to access and manipulate data
Real-world examples of SQL Injection and XSS attacks
Step-by-step demonstrations of these exploits in action
#bugbountytips
#bugbountyhunter
#bugbountytip
#bugbountyhunting
#bugbountylife
#bugbountyprogram
#bugbountyplatform
#bugbountytraining
#bugbounty
#bugbountypoc
#poc
#cybersecurity
Disclaimer: The content on this channel is for educational purposes only. Engaging in any hacking or unauthorized access without proper authorization is illegal. Any actions taken based on the information provided are at your own risk.
Views: 625
Videos
Calling All Hackers: What Hacking Challenges Do You Want to See?
Views 261 · 2 months ago
We're planning our next series of videos and we need YOUR input! We're diving deep into the world of ethical hacking, and we want to make sure our content hits the mark. What topics do you want to learn about? Whether you're a beginner or looking to sharpen your skills, let us know! 👍 Like, 📢 Comment, and 🔔 Subscribe to stay updated! #EthicalHacking #Cybersecurity #PenTesting #TechEducation #Au...
Scan a website for vulnerabilities using Burp Scanner
Views 1.3K · 2 months ago
Using Burp Suite's scanner to find bugs in a web application involves several steps. Below is a guide to help you effectively use Burp Suite Scanner to identify vulnerabilities: Prerequisites 1. Install Burp Suite: Ensure you have Burp Suite installed on your machine. The free version is sufficient for learning and basic scanning, but the professional version has more features and a more powerf...
No Rate Limit for OTP and Subscribe Lead to Email Flooding
Views 403 · 2 months ago
No Rate Limit is a vulnerability where a web application does not restrict the number of requests a user can make to a particular resource or action within a specific time frame. This can allow attackers to perform automated tasks at a very high rate, potentially leading to various malicious activities such as brute force attacks, denial of service (DoS), and scraping. Impact of a No Rate Limit...
Time based blind SQL Injection | Bug Bounty POC 2024
Views 679 · 2 months ago
Time-based blind SQL injection is a type of SQL injection attack that relies on SQL queries that cause a delay in the database response. This technique is used when the attacker cannot see the result of the SQL query directly, but can infer information based on the time it takes for the database to respond. Impact of Time-Based Blind SQL Injection: 1. Data Breach: Attackers can potentially acce...
Self XSS and HTML Injection | Bug Bounty POC 2024
Views 735 · 3 months ago
HTML Injection: Injecting malicious code into a website to alter its content or redirect users to harmful sites, exploiting vulnerabilities in the site's code. XSS (Cross-Site Scripting): A common web vulnerability where attackers inject malicious scripts into web pages to steal user data like cookies or perform actions on behalf of users. #bugbountytips #bugbountyhunter #bugbountytip #bugbount...
XSS to SQL Injection | Bug Bounty POC 2024
Views 2.4K · 3 months ago
1. Cross-Site Scripting (XSS): Cross-Site Scripting (XSS) is a security vulnerability typically found in web applications. It allows attackers to inject malicious scripts into web pages viewed by other users. These scripts can be executed in the context of the victim's browser, potentially allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious a...
SQL Injection | Bug Bounty POC 2024
Views 2K · 3 months ago
A SQL injection vulnerability has been identified in affected system. This vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, and other security breaches. Recommendations: To mitigate this vulnerability, we recommend the following actions: 1. Implement input validation and parameterized queries to prevent SQL injection at...
Reflected XSS and HTML Injection | Bug Bounty POC 2024
Views 742 · 3 months ago
HTML Injection: Injecting malicious code into a website to alter its content or redirect users to harmful sites, exploiting vulnerabilities in the site's code. XSS (Cross-Site Scripting): A common web vulnerability where attackers inject malicious scripts into web pages to steal user data like cookies or perform actions on behalf of users. #bugbountytips #bugbountyhunter #bugbountytip #bugbount...
XSS, HTML Injection and Open Redirect | Bug Bounty POC 2024
Views 1.4K · 4 months ago
HTML Injection: Injecting malicious code into a website to alter its content or redirect users to harmful sites, exploiting vulnerabilities in the site's code. XSS (Cross-Site Scripting): A common web vulnerability where attackers inject malicious scripts into web pages to steal user data like cookies or perform actions on behalf of users. Open Redirect: Allowing users to be redirected to exter...
How To Install Kali Linux in VirtualBox (2024)
Views 3.4K · 5 months ago
Are you interested in the fascinating world of cybersecurity and want to learn how to use Kali Linux, one of the most popular Linux distributions for security testing and pentesting? I'll take you step-by-step through the process of installing Kali Linux on a VirtualBox virtual machine. Whether you're an inquisitive beginner or a computer security expert, you'll find valuable information on how...
A Beginner's Guide to Bug Bounty Hunting
Views 995 · 6 months ago
In this beginner-friendly guide, we'll walk you through the basics of Bug Bounty Hunting, helping you kickstart your journey into the realm of ethical hacking. Whether you're a cybersecurity enthusiast, a developer, or just curious about the world of digital security, this video is tailored for you. If you find this video intriguing, kindly consider giving it a thumbs up, sharing it with others...
Open Redirect | Bug Bounty Program | Bug Bounty POC 2023
Views 1.3K · 7 months ago
An Open Redirect vulnerability has been discovered. This issue occurs when parameters in the URL are manipulated to redirect users to an external, untrusted website. This flaw can be exploited by attackers to redirect victims to phishing or malicious websites, thereby compromising the security of the user's information. #bugbountytips #bugbountyhunter #bugbountytip #bugbountyhunting #bugbountyl...
Lack of Rate Limiting Causes Email Flooding | Bug Bounty Program | Bug Bounty POC 2023
Views 1K · 7 months ago
The lack of rate limiting on the email sending mechanism allows an attacker to flood a targeted email address with a large volume of messages within a short period. This could lead to service disruption, resource exhaustion, and potential abuse of the email communication system. #bugbountytips #bugbountyhunter #bugbountytip #bugbountyhunting #bugbountylife #bugbountyprogram #bugbountyplatform #...
Blind Cross-Site Scripting (BXSS) | Bug Bounty Program | Bug Bounty POC 2023
Views 1.4K · 7 months ago
A Blind Cross-Site Scripting (Blind XSS) vulnerability arises when the application fails to properly sanitize user-supplied input, specifically in Field/Function/Feature, which is later viewed or processed by an administrative user or a different part of the application. Unlike traditional XSS, Blind XSS payloads are triggered asynchronously and the execution might not be immediate, making it h...
Cross-Site Scripting (XSS) via File Upload Using Filename | Bug Bounty POC 2023
Views 1.5K · 7 months ago
Admin Panel Access | P1 Bug | Bug Bounty Program | Bug Bounty POC 2023
Views 4.2K · 7 months ago
Blind SSRF POC | Bug Bounty Program | Bug Bounty POC 2023
Views 2.4K · 9 months ago
Sensitive Data Exposure of User | Bug Bounty Program | Bug Bounty POC 2023
Views 1.5K · 9 months ago
Web Cache Poisoning With Multiple Host Headers | Bug Bounty Program | Bug Bounty POC 2023
Views 4.1K · 10 months ago
Reflected XSS POC | WAF Bypass | Bug Bounty Program | Bug Bounty POC 2023
Views 4.1K · 11 months ago
HTML Injection Leads to XSS and Open Redirect | Bug Bounty Program | Bug Bounty POC 2023
Views 1.4K · a year ago
No Rate Limiting on Registration Leads to Email Flooding
Views 2.2K · a year ago
EXIF Geolocation Data Not Stripped From Uploaded | Bug Bounty Program | Bug Bounty POC 2023
Views 1K · a year ago
Host Header Injection POC | Bug Bounty Program | Bug Bounty POC 2023
Views 2.1K · a year ago
ClickJacking POC | Bug Bounty Program | Bug Bounty POC 2023
Views 3.3K · a year ago
DMARC Policy Not Enabled | Bug Bounty Program | Bug Bounty POC 2023
Views 1K · a year ago
Banner Grabbing Nginx Server Version Disclosure | Bug Bounty Program | Bug Bounty POC 2023
Views 1K · a year ago
ClickJacking POC | Bug Bounty Program | Bug Bounty POC 2023
Views 2K · a year ago
No Rate Limit on Reset Password | Bug Bounty Program | Bug Bounty POC 2023
Views 857 · a year ago
thank you so much, I have a question please. When I send an email to a temporary email site I receive the email successfully but when I send the email to my Gmail account I don't receive the email. Is there a problem if I report this vulnerability in this case?
I want the payloads of SQL injection please
I don't understand. Why did you go to the registration page? You can add a valid code without going to the registration page.
By using all test scenarios make complete web application testing video please
Yes
Keep making videos. Very good content. Just make sure to have some voice throughout the entire video.
Thanks, will do!
This is stored xss
Got a bounty?
Love you bro keep uploading 🎉❤
Thank you, I will
Did you get any bounty?
By chance I stumbled on here, I don't know if you'll answer me. I just found an API key exposed in a bounty; the key allowed me to access Google services. When removing the exposed key I am blocked with a message saying that access is not authorized without a valid API key, so I was successful in the exploration. Have you already received any reward with this failure? Do you think it is worth continuing to send reports with this flaw? Do you think they pay? Thank you brother and thank you.
Video weak
thank you
You're welcome
How to set up Windows Terminal for hacking?
Hi, what is this terminal's name?
Kali Linux
Big fan Arfat sir big fan Teach me sir
Sure! Keep following
Which OS you using?
Kali Linux
@arfitutorials3708 but the interface is different
I have done customization
Nice bro, make a video about how to use sqlmap tamper scripts to bypass WAF to find SQLi
Sure!
nice buddy
Glad you liked it
awesome
Today I found self XSS, HTML injection and SSRF; information level, all are P5
They don't pay for that anymore
I think also able to do IDOR on That website..!!
I'll check
Can you tell me how you found this parameter (id)?
Crawling the target.
No PHP site will be available for bug bounty... it's all kiddish finding PHP sites and making bug bounty videos.. kids 😂
This is only for tutorial purpose.
I don't think it is 'XSS to SQL'. I think both are two separate issues; id is already vulnerable to SQLi.
The first 2 minutes aren't necessary at all, just put it in the description
Sure!
@arfitutorials3708 he's right, if you aren't reading it out loud, we can just read it on our own, we came here for the example sir
Brother can you give source code?
1. Copy and paste the HTML code below.
<!DOCTYPE html>
<html>
<head>
<title>Clickjacking PoC</title>
</head>
<body>
<input type="button" value="Click here to Win Prize" style="z-index:-1;left:1200px;position:relative;top:800px;"/>
<iframe src="esmuat/" width="100%" height="100%" style="opacity: 0.5;"></iframe>
</body>
</html>
2. Edit the src attribute of the iframe tag. Change its URL to your target site and save the file.
3. Launch the file in a browser.
4. Observe that the website is getting embedded in an iframe.
Any other tool to check API keys?
gmapsapiscanner
Bro, this is not CP, this is host header injection >_<
That is a valid Cache Poisoning bug mate.
I mean, the basics of programming is never trust the user. Most websites now check your request before processing it.
Absolutely right
Is this better than xss_hunter bro?
Alternate of xss hunter
Bro, one video on IDOR
Sure!
I think this is self XSS.
You can see that the input is being reflected.
@arfitutorials3708 not any vulnerable URL?
It’s POST based XSS
Bro, I reported an XSS vulnerability, didn't get a response
Tell them to revert.
@arfitutorials3708 how many days did they take to respond when you reported?
Hello bro, can you share the link for the PoC?
Bro making content of lostsec 😅😂
nice
Thanks
Super Bro❤
Thank You! Keep Supporting.
That was awesome bro
Thank you so much! Keep Supporting!
But nowadays, until you can do it from the server side, it doesn't matter... this is happening in your browser, not the user's browser....
Host Header Injection is a security vulnerability that occurs when an attacker manipulates the “Host” header in an HTTP request to deceive a web server or application into processing the request as if it were meant for a different domain.
Impact?
This vulnerability violates the privacy of a User and shares sensitive information of the user who uploads an image.
Is this a private or a public program?
Did you get a bounty? Because I have a target that is showing the nginx version too, so should I report it or leave it, what do you think?
Check the in-scope and out-of-scope of the bug bounty program.
Hello! I don't know if you can help me. I'm using a Mac M2, I downloaded the beta version of VirtualBox and when I press the button to install Kali the screen turns black.
Of course! Check your CPU count; if the CPU count is 1, change it to 2. Also, increase the memory allocated to your Kali Linux. Let me know for further help.
I found a vulnerability on zignsec but they don't reply
Okay!
We have to just set up our account on hunter, right? When we use its payload it directly logs into the reports tab. Right?
Yes
P4 or P5 ? bounty ?
P3 - P4
Super bro
Thanks
You are the best, thank you so much. Glory be to God and praise Him, glory be to God the Almighty ❤
You're welcome! Keep supporting.
@arfitutorials3708 for good people like you I will, God willing 🌼
You're welcome!
Did you exploit it, bro?