Hacking Websites With Cross-Site Scripting (XSS Attack Basics)

  • Published 25 Aug 2024

COMMENTS • 734

  • @user-wj1gk6hu3p
    @user-wj1gk6hu3p 4 years ago +238

    the quality is insanely high for such a small channel, i've subscribed hoping to see more of this quality content

    • @chefsecure
      @chefsecure 4 years ago +20

      Appreciate the good vibes 😎
      Got more on the way!
      -Jesse

    • @rawkstar952
      @rawkstar952 4 years ago +3

      i agree. this guy deserves more views for such detailed and well explained content

    • @l.law-1611
      @l.law-1611 4 years ago +3

      @@chefsecure
      **Instruction unclear...**
      *hacked nuclear missile as well sandwich*
      *Nsa cia fbi and delta force are at my door*
      *Sandwich gone vile*
      *oh god the sandwich is shooting lettuce*
      *we need backup*

    • @WilliamMcDowell_
      @WilliamMcDowell_ 4 years ago

      I Have 23 subs and my vids are in 4k ):

    • @CharleyCheno
      @CharleyCheno 3 years ago

      @@WilliamMcDowell_ oh god... they don't mean in resolution!

  • @bartoszszpara
    @bartoszszpara 4 years ago +178

    Wow, I think I found the best place to start my learning journey, interesting and funny, great stuff, thank you!

    • @simplysathish
      @simplysathish 4 years ago +3

      yes of course

    • @alej3095
      @alej3095 4 years ago +2

      Yes this is so true

    • @RyZeDHD
      @RyZeDHD 3 years ago

      Can't wait to use this method that has the possibility to fuck up a whole page but instead use it to troll and ([insert fun activity])!

    • @jonbikaku6133
      @jonbikaku6133 3 years ago

      Extremely true and a mirror case here!

  • @gamegunner9079
    @gamegunner9079 4 years ago +8

    Brother, the way you teach is really appreciable, even a non technical person will understand

  • @kemoknows6035
    @kemoknows6035 5 years ago +28

    This was very informative, well edited and I can't wait to see your other videos. Thanks for the work putting this together.

  • @donny484
    @donny484 2 years ago +7

    This was a great and informative tutorial! There is only one slight problem, if you actually want to make modifications to the webpage like the documentElement portion, this tutorial only shows you how it's performed on your local browser client side.

  • @LoneVocalist
    @LoneVocalist 3 years ago +27

    Before any noobs get excited, he intentionally left out the part that the web page contents only disappeared for him, not for any other users.

    • @commonfooI
      @commonfooI 3 years ago +2

      No offense, but I think you're the 'noob' here. Say he entered into the textbox, that would execute the javascript of another website, which could be malicious. Also, obviously, changing html using form data will only change the html displayed to you!

    • @user-ys9kg6ye8u
      @user-ys9kg6ye8u 2 years ago

      @@commonfooI so i think it would mean that he is hacking himself?

    • @commonfooI
      @commonfooI 2 years ago

      @@user-ys9kg6ye8u no, he is just injecting malicious code. hackers will try to get you to inject their code, making your information vulnerable. so in a way, you are creating a vulnerability

  • @successfulpodcast
    @successfulpodcast 1 year ago +1

    Great job! Now, I need to use this knowledge to protect podcasters on our podcast network from XSS attacks.

  • @gargarbink6
    @gargarbink6 4 years ago +5

    this is great stuff dude. it’s a super power being able to explain this stuff in plain English.
    Studying for security + these videos really help! Thank you

    • @chefsecure
      @chefsecure 4 years ago

      Awesome to hear, Bob! Thanks and good luck on your cert!

  • @theuser810
    @theuser810 1 year ago +1

    I've noticed that even if I don't use these strategies to hack, this knowledge is very useful to prevent your website from being penetrated. It's like "it takes one to know one"

  • @ctkqiang
    @ctkqiang 5 years ago +24

    Why stop here? We need more!!! Start patreon acc. We would like to be patreon ...

  • @mrnameless9651
    @mrnameless9651 4 years ago +13

    That video was awesome, you should post more often.

  • @rayyanhashmi0
    @rayyanhashmi0 4 years ago +41

    thIS IS FOR EDUCATIONAL PURPOSES ! 😂

  • @gamersonly650
    @gamersonly650 1 year ago +2

    Honestly, I did not expect much, however you really surprised me. You earned a subscriber.

  • @dcimre
    @dcimre 3 years ago +1

    Realizing that your channel is Chef Secure, and I've been a chef for almost 10 years before changing to IT field and started to fall in love with cybersecurity, I think I just found my new favorite channel :D

    • @chefsecure
      @chefsecure 3 years ago +1

      Hey that's awesome, Imre! Glad to be a part of your journey. Hope you had some great experiences as a chef and make many more in IT.

  • @Ever4u
    @Ever4u 4 years ago +6

    After refreshing page, destroyed web page will load again.

    • @milorad3232
      @milorad3232 4 years ago

      This was just an example. If the data you submitted is sent to the server, and it's not sanitized there it will execute for every next visitor, which will result in blank page since everyone else will get updated version of that page since it's sent by the server upon request.

  • @Welshpatriots
    @Welshpatriots 4 years ago +8

    alert(‘you been hacked’)

  • @drumman5431
    @drumman5431 2 years ago +1

    I have been trying to get a better understanding of XSS. And you sir have explained it the best. Most always show the “alert” but I never understood the point of it. Thank you for clearing it up!

    • @chefsecure
      @chefsecure 2 years ago

      Awesome! Be sure to check out the XSS playlist to go deeper with more exploits that show the full impact.

  • @marcotonybu3231
    @marcotonybu3231 2 years ago +3

    Your video is superbly good man love ur work

    • @chefsecure
      @chefsecure 2 years ago

      That's awesome to hear! Thank you!

  • @developeraccount438
    @developeraccount438 4 years ago +6

    Your style is so good.. That is why I show your video lots of time and again and again. believe me. :D

  • @samsameol2941
    @samsameol2941 1 year ago +1

    in 2 hours i have a test, thank you man for this video

  • @fadlidipo3324
    @fadlidipo3324 4 years ago +1

    then how do you do xss when the website filters the input? as you know many websites already do this. what do you think?

    • @chefsecure
      @chefsecure 4 years ago

      Great question:
      If the filters are in JS - you can disable JS or modify your request before it's sent to the server.
      If the filters are in the server - you'll have to get creative and find ways to bypass the filters. For example: if "" is filtered, you can try "" (notice the space at the end)
      The full course teaches you more about filter evasion if you want to grow your skills:
      chefsecure.com/courses/xss
      That said, if everything is done right then it's protected, but it's pretty tricky to get it right 100% - even huge companies like Google, Microsoft and Facebook get it wrong sometimes.

    • @fadlidipo3324
      @fadlidipo3324 4 years ago +1

      @@chefsecure great answer! in addition if the web using WAF, can u share something about data tampering? i will appreciate it :)

    • @chefsecure
      @chefsecure 4 years ago

      @@fadlidipo3324 Great idea! I'll make a future video for this, so make sure to subscribe if you haven't already. Appreciate you watching!

    • @fadlidipo3324
      @fadlidipo3324 4 years ago

      @@chefsecure sure no problemo sir

  • @ponyprideworldwide
    @ponyprideworldwide 2 years ago +8

    I used this information for evil

    • @xv3ei
      @xv3ei 1 month ago

      you are soo bad! 😂

  • @58book
    @58book 4 years ago +3

    Love the setup, great minimalistic/techy vibes and the content was great and easy to understand too! Just couldn't help but notice that you only blinked like 7 times in the entire video lmao.

    • @chefsecure
      @chefsecure 4 years ago +2

      I'm very good at staring contests.

  • @kbdigital8001
    @kbdigital8001 2 years ago

    I've watched so many YouTube videos trying to understand XSS, this video gave me just that...
    Keep it up boet...

  • @Mendez_Tha_Titan
    @Mendez_Tha_Titan 2 years ago +1

    I know nothing 🤷🏾‍♂️about coding except for what I just learned here but I just got interested in learning because of the way you teach, wow we need more teachers like you in the world then niggas would never fail damn😌!!!

    • @chefsecure
      @chefsecure 2 years ago

      I appreciate it. Keep it up, that's why I do this. We need more people creating success, not just the lucky ones born into it.

  • @itzkoushik3233
    @itzkoushik3233 3 years ago

    dudeeeee wtfff .. u have only 12k subs ? .. i cant believe this...congrats for 1M in advance

    • @chefsecure
      @chefsecure 3 years ago

      Ayy! Thanks! I appreciate it. Let's gooooo!

  • @georgec1765
    @georgec1765 4 years ago +1

    Needed to subscribe because I just love your videos, they really help me and are so informative but they do that without being boring, thanks loads

  • @theneonflash2832
    @theneonflash2832 4 years ago +3

    This video was exactly what I was looking for, you got yourself a sub, sir! :)

  • @saikatkarmakar6633
    @saikatkarmakar6633 3 years ago +2

    The beginning of this video is like verifying if you are above 18!😂

  • @ecargs
    @ecargs 4 years ago +10

    This is so cool, glad I found it

    • @viperzz221
      @viperzz221 3 years ago

      shudydufibftiiyukyiuutjyrhtrhhtrttrhrhhyrthhtrththrtr

  • @RoundedBoxes
    @RoundedBoxes 4 years ago +2

    "Or worse, *shows slowest browser in the work (internet explorer) * *brings out blow torch* computer:aw shit hehe we go again

  • @skidude9800
    @skidude9800 4 years ago

    That's a great, easy-to-follow description and example of XSS. Very helpful for someone just starting out. I'm surprised there aren't more subs. Well done, though.

  • @DARKGAMING_DGG
    @DARKGAMING_DGG 3 years ago +1

    Thank u man, I was recently searching for this exact content for many days and I was messed up... Your video helped me a lot.

  • @Cognitoman
    @Cognitoman 4 years ago +1

    Super easy to protect against this. Just have to escape those chapters before rendering to the page

    • @chefsecure
      @chefsecure 4 years ago

      What about attributes, URLs, JS contexts and so on?
      The problem is there are so many ways a site can be vulnerable to XSS than this basic attack, which is why large, billion dollar companies like Google, Facebook and Twitter still encounter XSS vulnerabilities

    • @Cognitoman
      @Cognitoman 4 years ago +1

      @@chefsecure I'm not sure exactly what all that is to be honest, but when I'm building a website I make sure anything coming from the frontend is exactly the values I expect, and I always escape values that come from the user.
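
Added example, not part of the original comments and not Chef Secure's code: the exchange above contrasts escaping characters with the attribute, URL and JS contexts, so this sketch shows one encoder per context and where plain HTML escaping falls short. The function names, the `site.example` base and the sample comment are assumptions constructed for illustration.

```javascript
'use strict';

// Characters that can break out of HTML text or a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Context 1: HTML element content and double-quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Context 2: URL attributes (href/src). Escaping alone is not enough here,
// because a scheme such as "javascript:" contains no special characters.
// Allow only http(s) targets, then escape for the surrounding attribute.
function safeHref(value) {
  const raw = String(value).trim();
  let parsed;
  try {
    // Placeholder base so that relative links like "/profile" still parse.
    parsed = new URL(raw, 'https://site.example/');
  } catch {
    return '#';
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return '#';
  }
  return escapeHtml(raw);
}

// Context 3: data embedded in an inline <script>. JSON.stringify handles
// quotes and backslashes; the extra pass keeps "</script>" and line
// separators from ending the script element or the string early.
function jsLiteral(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Render one stored comment, using the encoder that matches each sink.
function renderComment(comment) {
  return [
    `<div class="comment" title="${escapeHtml(comment.author)}">`,
    `  <a href="${safeHref(comment.website)}">${escapeHtml(comment.author)}</a>`,
    `  <p>${escapeHtml(comment.text)}</p>`,
    `  <script>window.commentMeta = ${jsLiteral({ author: comment.author })};</script>`,
    '</div>',
  ].join('\n');
}

// Constructed sample input: each field targets a different context.
const SAMPLE_COMMENT = {
  author: 'eve" onmouseover="alert(1)',
  website: 'javascript:alert(1)',
  text: '<script>alert(1)</script>',
};

console.log(renderComment(SAMPLE_COMMENT));
```

Note that `escapeHtml('javascript:alert(1)')` returns its input unchanged, which is why the URL context needs the scheme check rather than character escaping.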

  • @liamfinn9709
    @liamfinn9709 4 years ago

    But where do we get that xss scripting site?

    • @chefsecure
      @chefsecure 4 years ago

      You can access the example from the recipe here:
      chefsecure.com/courses/xss/recipes/hacking-websites-with-cross-site-scripting
      Have fun!

  • @adityaprasanna611
    @adityaprasanna611 4 years ago +1

    Loved this video. Immediately subscribed! Would be great to see more of this for us everyday web devs.

  • @Wheezy05
    @Wheezy05 4 years ago +1

    I’m still confused on how this would work? So I would go up to a website and type in alert(“Hello”), and a what? Refresh the page? Click enter? And let’s say that does work, what can I benefit from doing that, what more could be included knowing that works?

    • @chefsecure
      @chefsecure 4 years ago

      If the alert opens, it means the site is vulnerable to XSS attacks - for example, if the script you just added in your comment opened an alert in my browser, my account could be attacked and YouTube would have a big problem.
      For cybercriminals, this can be abused to steal passwords, add malware, etc. by replacing the alert with an exploit.
      For security researchers and bounty hunters, you can report problems like this in bug bounty programs to get rewarded with money - usually $500 for low severity issues and several thousand dollars for high severity.

  • @utkuylmaz7333
    @utkuylmaz7333 4 years ago +2

    YouTuber Hackers : *teaches how to hack websites, phones etc.*
    Also YouTuber Hackers : EDUCATIONAL PURPOSES ONLY!

  • @Cfax.
    @Cfax. 4 years ago +3

    i use this information to make money i am going to drop a like

    • @Cfax.
      @Cfax. 4 years ago

      @@tobya8383 thank you i'll do that

    • @Ir0nfat5
      @Ir0nfat5 4 years ago

      how do you make can you teach? :)

  • @InsoiDev
    @InsoiDev 3 years ago +1

    Ok ill use it to get a scammers account in roblox, it is good right?
    I am doing a good thing i think

  • @user-jx8uz6tb6k
    @user-jx8uz6tb6k 3 years ago +1

    Isn't js client side language? How does it work?
    I could write 'document.documentElement.innerHTML="" ' in development console, and it has the same effect.
    So, if js does not work in server-side, how does this affect vulnerability?

    • @chefsecure
      @chefsecure 3 years ago +2

      You're right that XSS is client side and you could just type that into the console.
      The problem with this vulnerability is it allows attackers to run their own code inside your browser.
      Imagine if YouTube comments were vulnerable and I could inject code as simply as typing in //code
      Anytime someone visits the page, my comment would load and my script would run which would allow me to do anything on the page with JS - such as requiring you to enter your google account password.
      Make sense?

  • @ysceney5938
    @ysceney5938 2 years ago

    A question,
    But if you remove the whole html page, only you can see it, or it’s for everyone?

  • @dopebrose5151
    @dopebrose5151 3 years ago +2

    I'm learning so I can help people figure out if their website is safe or not

  • @YoYoHanSolo
    @YoYoHanSolo 2 years ago

    I'm currently 15, I have taken two computer programming classes (intro to csp and AP csp), I plan to take a career/ side career in cyber security or software engineering. Currently learning more javascript and c++, I know html but I'm a bit rusty in it.

  • @hassan5739
    @hassan5739 4 years ago

    Payment process difficult for me to get course. Stripe and PayPal not supported in my country :(

  • @averageindian1612
    @averageindian1612 3 years ago +1

    Subscribed
    and Notified

    • @chefsecure
      @chefsecure 3 years ago

      Thank you! Working on a new video this week. Appreciate your support

  • @fdkua2499
    @fdkua2499 3 years ago +1

    I'm bot hacking a website for fun, but I'm doing this because there's an exploiter in Blood And Iron Roblox and I tried to do it if I could take down it.

  • @gunrocks3831
    @gunrocks3831 3 years ago +1

    I have a doubt bro. I lost so much of money by one online earning website. they all took my money. My money is still in pending of withdrawal. Can we hack it and approval for my withdrawal of my payment in that website?

  • @lostech7037
    @lostech7037 4 years ago +1

    Loved this! Subbed. Thanks! 👍

  • @helloworld8561
    @helloworld8561 4 years ago

    Buddy.., You are Awesome..!! Jst be The Way u Are..!! Expecting Much More Good Content In Your Style...🤩

  • @alecjordan6100
    @alecjordan6100 3 years ago

    I am DEAD off the internet explorer bit. 🤣

  • @KVisiofficial
    @KVisiofficial 4 years ago +1

    Funny+Hacker=Amazing channel
    :)

  • @swapnilshinde2540
    @swapnilshinde2540 4 years ago +1

    Bro u gave the best explanation of all topic with some funny jokes also i liked it plz make some more videos i really want to gain more knowledge from you

  • @bahai9706
    @bahai9706 3 years ago

    You're amazing brother, lots of love from North-East India

  • @sailormars20
    @sailormars20 2 years ago

    I bought your class which has challenges under each video, but where are the solutions? It's a bit confusing without the solutions to help lead in the right direction.

    • @chefsecure
      @chefsecure 2 years ago

      Mike, I don't post answers, but you can email info@chefsecure.com where you're stuck, and I'll be happy to help you out.
      After that if you still need help, I can walk you through on a video chat/screen share if necessary.

  • @nicohidalgo4686
    @nicohidalgo4686 5 years ago +2

    This is very helpful, please more videos

  • @johnsamuel6096
    @johnsamuel6096 4 years ago

    I have a question, please answer. If we are able to inject a code in the front end it's just updated in our browser right. So, how to get it done globally on all devices.

    • @chefsecure
      @chefsecure 4 years ago

      Imagine if you could inject a script inside your comment. Every time someone's browser loads the comment, it would run on their device.
      Does this help?

  • @mustang19ms
    @mustang19ms 3 years ago

    So if I want to hack someone, I must ask them to use their computer and find the faulty form and write code in it?

    • @chefsecure
      @chefsecure 3 years ago

      This applies to every website on the internet. Most major companies have bug bounty programs where they'll pay you to find these issues on their website.

  • @kimpod2417
    @kimpod2417 2 years ago

    I've been scammed by someone. they sent me to a website that's fake. can you point me to a way to hack their site?

  • @sannge6471
    @sannge6471 4 years ago

    how can you even get their post methods????? there is no server methods, they are only UI side we can access to,

  • @charlesjsescoto
    @charlesjsescoto 3 years ago +2

    0:09 every hacking related stuffs on internet

  • @MGMultiverseGaming
    @MGMultiverseGaming 4 years ago

    dude why is this channel so underrated i get offended about it

  • @tejas7216
    @tejas7216 4 years ago +1

    you are going so good..
    don't give up❤️❤️

    • @chefsecure
      @chefsecure 4 years ago

      Thank you! New video coming today

  • @DK-ox7ze
    @DK-ox7ze 3 years ago +1

    What I don't understand is, how can an attacker use this to affect other's computers? The JS code he is entering will only run on his machine, not on webpage visited by others.

    • @chefsecure
      @chefsecure 3 years ago +1

      If I injected a script into this comment: // attack-code
      and if YouTube comments were vulnerable, the code would run in your browser and in everybody's browser when this comment loads.
      So anywhere an attacker can add input, they can try adding scripts to see if it would work.
      Make sense?

    • @DK-ox7ze
      @DK-ox7ze 3 years ago

      @@chefsecure That makes sense. But I am wondering how any data can be transferred back to the hacker's server, considering that browsers don't allow cross origin requests?

    • @chefsecure
      @chefsecure 3 years ago

      ​@@DK-ox7ze That's a fantastic question, and yes that's due to CORS, which is set by the server.
      Since the hacker controls the server, all they have to do is allow the request to come in and it won't be blocked.

    • @DK-ox7ze
      @DK-ox7ze 3 years ago

      @@chefsecure I believe CORS can only be enabled if the host domain server (server which loaded the page initially) has allowed CORS in its response headers. If not, then the malicious script injected by hacker won't be able to make a CORS request to another domain.

    • @chefsecure
      @chefsecure 3 years ago

      @@DK-ox7ze The host site can block outbound requests with Content Security Policy, but CORS is for requested resources.
      For example if I make a webpage, then try to make a request to Facebook to find out real names of users, it will be blocked because FB doesn't want me to access the info, even though that's what my host domain wants to do.
      Releasing a new video in a few days covering an attack server I made with CORS enabled if you want to test this out.

  • @Xdetonando
    @Xdetonando 4 years ago +1

    ok, but I don't get how it can deface a website, well, if you run script in the page, you may modify it, but if you update the page, it gets to normal, the only way I see being able to deface the website would be being able to modify the source code in the website server, and I don't know if this is possible only with javascript, but I'm dumb, so I'm hoping you guys could teach me how it is done.

    • @chefsecure
      @chefsecure 4 years ago

      You know how we deleted the webpage in the example?
      You can also add new things to the page - like pictures, videos, text, etc. instead of just an empty string.
      Now imagine if YouTube comments were vulnerable to XSS. If I put my script right here:
      //my code
      my code can change the webpage any time you view this video, because my comment (and code) would load too.
      Make sense?

    • @Xdetonando
      @Xdetonando 4 years ago

      @@chefsecure thanks for responding! What I don't get is how other people would see the changes, if I run an xss script to run an alert in the web page, the only person that will see the alert will be me right? Even if other people are accessing the webpage in the same time I run the script, and if I defaced the web site, how could I make the changes LAST and visible to everyone who access the page? If I press f5 in your example page, it gets back to normal.

    • @chefsecure
      @chefsecure 4 years ago +1

      @@Xdetonando Right. That's just because it's an example, however the attack stays the same.
      If you look above, you'll see my comment has already loaded. Again, if there were a vulnerability, this means my script will also run.
      Since the comment loads every time anyone visits the page, the script will also run. This is called stored XSS - when the page loads, so does the attack script, whether it's in a comment, username, blog post, etc.

    • @Xdetonando
      @Xdetonando 4 years ago +1

      @@chefsecure now i get it, thanks for answering!

  • @karthika4770
    @karthika4770 4 years ago +1

    Well, first time my mail has warned me don't enter to the suspicious website link seriously? Chefsecure???? Why your site is untrusted I won't proceed anymore. Thank you

    • @chefsecure
      @chefsecure 4 years ago +1

      Unfortunately mail filters get things wrong sometimes - I still get security newsletters to trusted sites marked as suspicious.
      That said, if you're uncomfortable visiting the site, you can stay here on YouTube to watch the free videos when they're released.
      -Jesse

    • @karthika4770
      @karthika4770 4 years ago

      @@chefsecure I trust you I have entered the site I was waiting for your reply 😂🥳 I'm sorry for wasting for time keep making more videos 😺♥️

  • @bluebox211
    @bluebox211 3 years ago +1

    I still don't know how to hack websites (he explained only an example not real)

  • @WilliamFritzM
    @WilliamFritzM 4 years ago +1

    Great work brother 💪 this was awesome and very informative

  • @adamkenton2585
    @adamkenton2585 2 years ago

    where is the page ? not in description

    • @chefsecure
      @chefsecure 2 years ago

      It's in there. Here too: chefsecure.com/courses/xss/recipes/hacking-websites-with-cross-site-scripting

  • @ZamStudios-dy5ei
    @ZamStudios-dy5ei 3 years ago +1

    Can you hack a scammers website?

  • @sebastianszydlowski5834
    @sebastianszydlowski5834 3 years ago

    So what kind of website is prone to this attack? Cannot really imagine this work in the real life because of simple sanitization for example.

    • @chefsecure
      @chefsecure 3 years ago

      Sanitization only works as well as the developers know how to use it. XSS is still the #1 most commonly found vulnerability by researchers, which means a lot of developers still don't understand the right ways to protect their websites.

  • @MrTJadam
    @MrTJadam 3 years ago

    Awesome vid man, subbed!

  • @bugr33d0_hunter8
    @bugr33d0_hunter8 3 years ago

    I've been stuck on one of his assignments from the course for over two weeks. And he says he can't help me, I've tried everything. should come with a walkthrough at least.

    • @chefsecure
      @chefsecure 3 years ago

      Email info@chefsecure.com if you're stuck and I'll always help you out. I don't post answers because the point is to help you learn to find vulnerabilities. In real life there are no answers you can just look up.

  • @androkiboi
    @androkiboi 4 years ago +2

    Great tutorial!

  • @subfor3776
    @subfor3776 2 years ago

    im' a paragraph

  • @anjalisaini2164
    @anjalisaini2164 2 years ago +1

    Thanks for this.

  • @francisetim9238
    @francisetim9238 3 years ago

    this guy is simply amazing. i would love to learn from you. please do you have an academy?

    • @chefsecure
      @chefsecure 3 years ago +2

      Appreciate it, Francis!
      Yes, this is the first lesson from my XSS course. You can get it here: chefsecure.com/courses/xss
      I also have a new course - the No Code Hacking Course - coming this year.
      There's a giveaway going on if you check out my latest video.

  • @CoryResilient
    @CoryResilient 3 years ago

    What about vulnerable plugins on WP site vulnerable to Cross site scripting

    • @chefsecure
      @chefsecure 3 years ago

      Depending on the context this will apply exactly the same. This recipe is just for HTML content injection. The others go into attributes, URLs, javascript and so on.
      In any case, vulnerabilities can come from plugins or directly from the main developer code on websites.

  • @ankurdahiya1354
    @ankurdahiya1354 4 years ago

    Can you make more videos about what possible malicious scripts hackers use and how to prevent them

  • @hernandonj
    @hernandonj 4 years ago +4

    Great video. Very well explained, easy exercise. Thank you.

  • @PlasmaLantic
    @PlasmaLantic 3 years ago

    0:58 oh I thought this turned into a cooking Channel for a second

  • @Nisprds
    @Nisprds 3 years ago

    Is it possible for me to change my friends name on Microsoft Teams. And I want it to be visible to them not just me I can do that already

  • @lordjafar8528
    @lordjafar8528 1 year ago

    What are the percent sign for? The one u put in front of number 1 in the arg

    • @chefsecure
      @chefsecure 1 year ago

      the parentheses? ()
      This is just how to tell javascript to run the alert function.
      alert by itself won't execute, but alert() will

  • @XxPeruvianGamersxX
    @XxPeruvianGamersxX 3 years ago +1

    Thank you! I watched this and I hacked my ex girlfriend's social media accounts!

    • @chefsecure
      @chefsecure 3 years ago +1

      404 - ex girlfriend not found

    • @xv3ei
      @xv3ei 1 month ago

      Lol

  • @faxmunke9763
    @faxmunke9763 4 years ago +2

    Great Video

  • @josiahcaisip9798
    @josiahcaisip9798 4 years ago

    What OS do you use? Windows? Linux?

  • @rivergrimmtheegg
    @rivergrimmtheegg 4 years ago +2

    i thought this was video for hackers at first, I realized it's not :)

    • @chefsecure
      @chefsecure 4 years ago

      Hackers can be good too. I promise.

  • @i_am_a_real_cat1443
    @i_am_a_real_cat1443 3 years ago

    I love the intro, i will use this information to hack into pentagon and find out if aliens are real. wish me luck guys

    • @chefsecure
      @chefsecure 3 years ago

      Been seeing a lot of alien info being released lately. That you, real cat?

  • @tachunkz4yearsago940
    @tachunkz4yearsago940 4 years ago

    But where would i do this on a real website

  • @daphbobo
    @daphbobo 4 years ago

    The intro speech is nice lol

  • @jodscience3741
    @jodscience3741 2 years ago

    What's the point? Destroying a page on client side does nothing to the server right?

    • @chefsecure
      @chefsecure 2 years ago

      True, it doesn't affect the server. But if you take over the client side, you take over the client/account.
      Now, if the client you take over is an admin, then you can possibly affect the server depending on what powers the admin has.

  • @hayatopaido2420
    @hayatopaido2420 3 years ago

    The input from the form is sent to the php as a variable, how can a script tag be executed like that? I'm thinking🤔

    • @chefsecure
      @chefsecure 3 years ago +1

      Important question: the script executes in the browser, not in the server.
      A php server will take the form input and generate a response HTML page using it, where it then gets run in someone's browser.
      For example, if YouTube were vulnerable and I add script here, it would run in your browser when you read this.

    • @hayatopaido2420
      @hayatopaido2420 3 years ago

      @@chefsecure okay, got it, thank you for your detailed reply!

  • @JMFowlkes
    @JMFowlkes 3 years ago

    This is great content! I'm subscribed and looking at your classes. :)

    • @chefsecure
      @chefsecure 3 years ago

      Thanks, Justin. Appreciate your support!

  • @sauravarun4383
    @sauravarun4383 4 years ago +1

    all the main stereotypes of hackers lol

  • @Saxena_abhiraj
    @Saxena_abhiraj 4 years ago +1

    Hello sir tell me about dvwa, bwapp like

  • @greggayres7120
    @greggayres7120 2 years ago

    Can’t wait for my school to get super confused

  • @amyl2938
    @amyl2938 3 years ago +1

    Helpful as heck!

  • @daegendeaflad7747
    @daegendeaflad7747 2 years ago

    Is there a place to really learn this? I’m gonna shut down fb and delete everything to do with it so it doesn’t exist anymore

  • @nv6987
    @nv6987 4 years ago +1

    I'm not even a coder... How tf did I know this already

    • @rameezroot5225
      @rameezroot5225 4 years ago +1

      If u r a Beginner U can Learn Programming and Scripting languages From Solo Learn