Watch how Hackers deface websites...
Вставка
- Опубліковано 7 лис 2024
- Check out Fing, an awesome network administration tool that lets you manage your network like a Pro! Get 25% off on the premium version using my link: bit.ly/3wOU6e1
In this video, I demonstrate how hackers deface websites with Stored Cross Site Scripting (XSS). Stored cross-site scripting arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.
If you don't know what defacing is, it simply means maliciously changing the content of a website so that whenever any user goes to the website they see the content that has been put there by the hacker instead of the actual website.
The website that I used in this video is an open source web application that is built to be vulnerable to numerous vulnerabilities. I made some minor modifications to the app to help me perform my demonstration.
The modified docker image of the app can be found here: hub.docker.com...
DISCLAIMER: This video is intended only for educational purposes.
The experiments in this video are performed in a controlled
lab setup and not on a live target. The content is purely
from a penetration testing perspective. I do not
condone or encourage any illegal activities.
To setup this vulnerable app on your computer, install docker and execute these commands:
1. Pull the Image from docker hub:
docker pull tejaswaroop156/juice_shop_mod
2. Start the app
docker run -d -p 3000:3000 tejaswaroop156/juice_shop_mod
Join my Discord: / discord
Follow me on Instagram: / teja.techraj
Website: techraj156.com
Blog: blog.techraj15...
Thanks for watching!
SUBSCRIBE for more videos!
man your videos are so clear and the music is just mwah
Long time here. Best video ❤
Full video on this with full explanation
It is full video and all things all explained
Hello buddy, can you make a full course on website defacement please
Wow, you really intelligent and full of knowledge
Bro this changes only seen by us when we login with our credentials. How these changes become permanent to other user also
1. I don't think this changes every part of the website. Just the url that linked to this user. I might be wrong here but that's how I interpreted this. Especially if the server rerenders thing on requests (Say with a templating engine). Then I don't see how this could pollute any code outside on this user's link.
2. The initial payload needs to be hosted, but once it's does its job, depending on whether the website backends rerenders the page on request or not, it might not needed to be continuously hosting. However, in most modern sites it most likely will still be rerendered. So you will have to continuously host the script.js somewhere.
Now, what's the point of this? Say if you have a site someone can donate to you via your user page. You can have a part of your bio be replacing the donate button to link to your own site - and then card stealing that way. (Literally 101 example of xss)
Essentially, the target user has to have the script run on their browser. If you search xss and then go to snyk's link on it, you'll even see that their example relied on you chatting a user and the script being passed onto that user's browser - which is the essentials needed for xss.
Hi
How to install wordpress in subdirectory in aws
Have been watching you for years!
Just a question,did you just download a picture off the web and changed it to hacker.png and basically added that into your js file with the html script?
So after injecting the payload how does a website get rid of the code? Because in real world scenarios this can cause a lot of damage.
Great Video 👍
How does fing block system work as it's doesn't access your router admin panel
Can i use social media by create account in them through being anonymous
How to host a file on the target website where we left the xss payload.. that's is where the defacement takes place...
he wont tell
Im learning hacking, can u tell me what are the best pro hacking group i want to join
bro HTML page not showing why ??
alert('XSS Attack!');
I think Bro wakeup from a coma
How r u doing brother 😁💥
Good video ,need more ways to hack website... (For learning purposes)
Or if any resources or video ,just paste the link of that video or resources.. please
😂😂😂
Another video on this topic
Isn’t this similar to sql injection?
sql injections are bascially cross site scripting (XSS) for databases, this can allow users to download, modify and delete the database or parts of it. XSS on the other hand only works for websites, hence HTML tags
@@vasipalle thanks!
Thanks❤
Video on how to find someones phone number, address, email, password, ip address in the first place
make video how to email spoof happens
Educational purposes only 😂
😂😂
@@gg-mr4qr yep
Comeback
Hi I
How to hack and destroy systems
Yes
How@@e-talian1245
I want to make a script for a game, brother, I want to earn money. Tell me brother, will you help me?
how do i contact you
How to hack social media companies and power my social media account so that no one cant block me and my post get popular and on top
It is because
HELLO
alert(1)
Bro that not gonna work😂😂😂😂