Di, I thought Web Cache poisning is So hard to understand because It is a P1 Vulnerability and P1 are difficult to learn but You Made My Day Today, Thanksssssss a Lot Farah Di! ❤️
Awesome! Just to add a bit more to it: Whether a page should be cached or not, also depends on a response header Vary. Do check that out to know exactly what is being used to cache the pages of the website. (Cookies, Accept-Encoding, Extensions etc.).
hey farah your video is really helpful even though i've already been 3 years in bug bounty community, i still find your videos very helpful especially the most basics one i tend to forget it , do you plan creating your udemy tutorials soon?
Hello Madam we all like your way of teaching. We are requesting please make a video on the bugcrowed bug bounty where we get how to choose program , initial steps to any bug bounty and how to perform and which tools are used and os is useful for bug bounty and most important report writing for anyone of program in bugcrowed. Waiting for your reply. Thank you.
Hi! I'd like your opinion on the platform INE Training, I don't know if it's worth it. Have you used it? Have you known anybody who has? They're quite expensive. Cheers mate!
It doesn't work for me when I replicate the lab, I inserted the config code given, it did cache when I change pass to hash for php file but when I try to insert the extension of css or other extensions, it just gave me 404 error, any idea where i went wrong? Everything seemed to work except trying to get it to cache the extension
Condition 1: return profile.php when profile.php/nonexistent.css is requested -- this looks like a software/framework specific vulnerability. Is this really a valid, unpatched attack vector today (I'll be surprised)?
The condition itself isn’t something exploitable. It’s the cache config + this quirk which makes it dangerous. So it’s not an “attack vector” that needs to be fixed. You can install the latest version of php and try it yourself by hosting your own web app.
Hey, I had a doubt. Even if this info is getting stored in the browser, it is still the user's browser. How can hackers access the browser cache of the user on another laptop/pc.
So happy to hear this... congratulations!! 🥳 Which program was it? And no, I don’t have anything set up for donations right now but I really appreciate the thought :)
@@FarahHawa i have kids and all day i hear music like this on tv hehe no offense but i really cant hear you when you speak and im very interested to see what i missed and what i dont know. Thanks again!
Your way of explaining things with an example using labs is amazing........
This video proves that a single video is enough to understand the concept. Great Work.😀
Di, I thought Web Cache poisning is So hard to understand because It is a P1 Vulnerability and P1 are difficult to learn but You Made My Day Today, Thanksssssss a Lot Farah Di!
❤️
Awesome!
Just to add a bit more to it:
Whether a page should be cached or not, also depends on a response header Vary. Do check that out to know exactly what is being used to cache the pages of the website. (Cookies, Accept-Encoding, Extensions etc.).
This doesn’t really matter for this attack but thank you for the info! :)
They don't matter for this particular attack. They are important for other cache-related attacks though.
Your method of teaching is really helpful for beginners like me
Its amazing teaching stayle. Thank you Ma'am.
Your explanation is so good please continued for other topics
Love your videos . Please make practical video on idor bug .
Content getting better and better 👍👍👌👌
Just wow learned many things from your video
All the basic relevant info and technical explanations in
Mo Farah and Farah are my favorite 🥳
you've included some good resources in the description. It's amazing :)
Well Explanied! Thank you
The procedure Of Decode is very interesting
wonderful farah
hey farah your video is really helpful even though i've already been 3 years in bug bounty community, i still find your videos very helpful especially the most basics one i tend to forget it , do you plan creating your udemy tutorials soon?
Really well explained and very helpful. Thanks!
Demos were awesome...
Hello Madam we all like your way of teaching. We are requesting please make a video on the bugcrowed bug bounty where we get how to choose program , initial steps to any bug bounty and how to perform and which tools are used and os is useful for bug bounty and most important report writing for anyone of program in bugcrowed.
Waiting for your reply.
Thank you.
Great Content Farah ! Keep it up !
Great explanation👍
Super useful information thanks for sharing
Excellent. You have yourself another subscriber :)
amazing work , keep it up !
Thanks!
Good Thanks!
You are a rockstar
Good work!well explained.
Great video thank you, and the lab is very nice :D
Thank you! It took 2 days to figure out all the configurations 😅
thanks farah so much for amazing content
Thank you for watching ☺️
Great content as always✌🏻
Thank you! :)
Thank you Farah
Nice Explanation farah.
Thank you!
Nice video, Farah
Thanks for the video good work 😎🔥👍
Excellent 👌 videos
Very well explained
goood farah
awesome explanation. thanks!
Farah mam, awesome content 🔥 thanks for this
Thank you for watching! Glad you liked it☺️
@Farah Hawa. can you make a video on Reflected file download
Please make a video on aws Pentesting. It's my earnest request to you🙏🙏🙏
Great explanation keep it up 😇
Thank you!
Nice vedio 👏
Thank you so much mam.
Learned something new ;)
dhyanwaad...😊
Awesome
Thanks farahh great content ! I tried to setup a lab. I used your default.vcl conf but my profile.php/test.css is not cached :(
Hi! I'd like your opinion on the platform INE Training, I don't know if it's worth it. Have you used it? Have you known anybody who has? They're quite expensive. Cheers mate!
Hey farah,
If I want to learn from the very start do you teach online ?
No, I don’t
I am your new subscriber
Really good 👍 👍👍
Informative...
Glad you found it helpful!
It doesn't work for me when I replicate the lab, I inserted the config code given, it did cache when I change pass to hash for php file but when I try to insert the extension of css or other extensions, it just gave me 404 error, any idea where i went wrong? Everything seemed to work except trying to get it to cache the extension
love you
Nice video
Wow
Condition 1: return profile.php when profile.php/nonexistent.css is requested -- this looks like a software/framework specific vulnerability. Is this really a valid, unpatched attack vector today (I'll be surprised)?
The condition itself isn’t something exploitable. It’s the cache config + this quirk which makes it dangerous. So it’s not an “attack vector” that needs to be fixed. You can install the latest version of php and try it yourself by hosting your own web app.
Eu estar apaixonado ❤️❤️❤️
Hey, can I ask what is the window you opened @5:07
I’m not sure what you’re referring to but the repeater tab of Burp Suite is open at that second.
@@FarahHawa yeah. Thank you. I just wanted to know that. Thanks!!
Hi Farah !!
Which is the best bug for very beginers to search on live websites for bounties
I hope you help for noobies "_"
Hey, I had a doubt. Even if this info is getting stored in the browser, it is still the user's browser. How can hackers access the browser cache of the user on another laptop/pc.
This is the varnish cache we’re talking about, not the user’s browser cache :) Check the h1 reports in the description, you’ll understand the impact!
💯
Its been a month. Are u still gonna upload in the future?
Yes, working on the next one right now. Thanks for being patient 🥺🥺 really appreciate it
@@FarahHawa Take your time to make a great Content!! Faraah
Make more video in week
Sweeeet
Thank you Farah for your videos. Watching this video made me $750 (P2) from a public bug bounty program. Do you accept donations?
So happy to hear this... congratulations!! 🥳 Which program was it?
And no, I don’t have anything set up for donations right now but I really appreciate the thought :)
Hi
MA'AM I wanted some tips on starting a career.. So i contacted you in Instagram and Twitter. plzz ma'am reply me
Why is the link to a non-existing.css file returns the html content? Does it ever happen? What is the root cause?
It’s a quirk that exists in PHP among other languages. You can try it yourself by setting up a basic website in PHP!
Yo
yoo
ok again, great content but if you keep putting this Peppa pig music i will not watch ur videos. please dont put music in your videos!
Peppa pig 😂🤣🤣🤣
Ok I’ll try
Pls don’t stop watching 🙏🏻😄
@@FarahHawa i have kids and all day i hear music like this on tv hehe no offense but i really cant hear you when you speak and im very interested to see what i missed and what i dont know. Thanks again!
Can i try this on hackerone and other platforms ???