Finding Your First Bug: Cross Site Scripting (XSS)

Поділитися
Вставка
  • Опубліковано 15 лис 2024

КОМЕНТАРІ • 65

  • @siddharthchhetry6810
    @siddharthchhetry6810 2 роки тому +3

    Last year i started watching your videos . I got few bugs now m here again to learn and understand everything you say . Thanks katie :)

  • @jeannasrallah730
    @jeannasrallah730 3 роки тому +3

    I want to thank you for sharing your knowledge with us . finalyyyy i got my first bountie!! I'm so happy and always as i said thank all the channels on youtube . I'm a 16 y/o guy and i don't have anyone to guide me in this field but i found you youtube and i start learning 6 monthes ago and boom the result is shown now!
    And to all the hackers : never give up, your patience is your key , and the more you learn the more you earn never forget that.❤

    • @barssever4904
      @barssever4904 3 роки тому

      what was your first bug?

    • @jeannasrallah730
      @jeannasrallah730 3 роки тому

      @@barssever4904 cors missconfiguration

    • @InsiderPhD
      @InsiderPhD  3 роки тому +1

      Wonderful! Well done on a bounty at 16 (amazing) AND without a formal mentor, that is fantastic, all the best to you, I'm sure you're going to be an amazing hunter!

    • @jeannasrallah730
      @jeannasrallah730 3 роки тому

      @@InsiderPhD thank you🙌❤❤

  • @actual_0xatul
    @actual_0xatul 4 роки тому +4

    Wish these videos were there back when I started taking hacking seriously!

  • @littlenikki1105
    @littlenikki1105 4 роки тому +3

    Amazing content as always I'm still trying to find my first bug but thank to your last video on goal setting I set up a goal for one bug in the next month so wish me all the luck

    • @InsiderPhD
      @InsiderPhD  4 роки тому +1

      Good luck! If you ever have any issues feel free to reach or via the Hacker101 discord group. Let me know how you get on! Smash your goal!!

    • @littlenikki1105
      @littlenikki1105 4 роки тому

      @@InsiderPhD thank you so much I have been that I will do one big scope trying to find interesting subdomains as well as trying to find a small scope project that I can work on

  • @90secconds
    @90secconds 2 роки тому

    Why didn't put these links in the description? Btw, Excellent video.

    • @InsiderPhD
      @InsiderPhD  2 роки тому

      Unfortunately the links will cause UA-cam to delete the video :( so I had to remove them all last year

  • @bobmatley6138
    @bobmatley6138 3 роки тому +1

    Im trying to get into the habit of creating python scripts that I can load different categories of injection, xss, sql injection, command injection etc... that I manually create myself, and craft them for different targets and then automate the process by running all the injection payloads I have created over time. So now lets say I find an xss payload they works for a specific category of web app, I simply load it into that category and over time have build up a few dozen, and if I come across a similar web server, I can simply fire the script and it tries all the attacks that I have launched on the same or similar web servers. hope that makes sense?

  • @CoryResilient
    @CoryResilient 3 роки тому

    Can I copy paste all the payloads on XSS Hunters website and paste them into a comment or name field etc and one might fire? Or does this not work. 🤔

  • @CoryResilient
    @CoryResilient 3 роки тому

    What about XSS vulnerabilities in WordPress Plug-ins?

  • @jensmueller7483
    @jensmueller7483 4 роки тому +1

    Thank you for your videos! I prefer shorter episodes. Would it be possible to increase the volume?

    • @InsiderPhD
      @InsiderPhD  4 роки тому +1

      Yes! I’ve actually fixed this issue now after some investigation future episodes will be much louder

  • @graycybermonk3068
    @graycybermonk3068 4 роки тому

    Hello. Thanks for those all important videos. I am following your videos and instruction.
    I have some little question. Can we use in bug bounty for xss scanning using some xss tools like xss scanner XSpear extra. Please I will wait for your reply. Thanks in advance.

  • @nicholasm2861
    @nicholasm2861 4 роки тому +1

    Thank you for the video. It was very informative.

  • @malrborojamez1631
    @malrborojamez1631 4 роки тому +2

    Your helping alot!!

  • @nasryfootball6228
    @nasryfootball6228 4 роки тому +1

    Great video Katie I love you

  • @manishprajapati7410
    @manishprajapati7410 2 роки тому

    Your videos are so helpful.
    I appreciate the effort put into your videos. 😀👏

  • @basilgafoor1
    @basilgafoor1 4 роки тому +1

    You're videos are really amazing. Keep making such videos.

  • @shivanimahanty412
    @shivanimahanty412 2 роки тому

    Thanks for this video... But for me it's still difficult to learn... Can you help me to complete my remaining project for cyber security

  • @Sam-rp4hy
    @Sam-rp4hy 4 роки тому

    Hey
    You are doing great work!
    As a beginner, I wanted to ask a rather silly question. I am in a full time job, and I am starting in bug bounty (level 0 as of now)
    What if I only target any one P1 vulnerability in bug bashes, by dedicating all my time at one P1.
    Is this a fruitful tactic, keeping in mind reward will be on higher side.

    • @InsiderPhD
      @InsiderPhD  4 роки тому +2

      I think you’re likely to burn out demotivated far before you get the P1. Bare in mind unlike CTFs actual bugs, especially those on the more severe side, are much rarer. The reason Brahe best bug hunters find them is due to their experience. The fact is getting lower vulnerabilities is motivating as you learn. You do you though. Check out my video on Finding Your First Bug Remote Code Exécution for more info.

    • @Sam-rp4hy
      @Sam-rp4hy 4 роки тому

      @@InsiderPhD sure! thanx

  • @sohailbzioui8323
    @sohailbzioui8323 4 роки тому +1

    we need a poc and explique plzzz and how to bypass filter ==> methodolgy xss

  • @tayfun6378
    @tayfun6378 4 роки тому +4

    yes, most people say they're great first bugs but I haven't found one in the real world. I can find the ones in CTFs I can find the ones in challenges but I can never find one in the real programs. I'm not saying there aren't xss possible in them. qualified people can easily go and find 5 xss in a single night, on public programs. but I can't. so I've decided to go with idor and business logic errors. I'm getting slowly overwhelmed about my path.

    • @InsiderPhD
      @InsiderPhD  4 роки тому +4

      Do not worry I don't think they are great first bugs either. People know how to defend them now days, so the only time you find them is with really specific payloads. My only XSS was with a custom payload and it remains the only XSS I've ever found. IDORs are definitely becoming more common for sure, I think we'll quickly see them overtaking XSS as the go-to beginner bug.

    • @tayfun6378
      @tayfun6378 4 роки тому

      @@InsiderPhD I agree and I think people also started to know how to defend idors either with those long, encrypted pids, uuids.. it's a matter of learning the concept in general and knowing what would be the best approach to attack a target. otherwise it's all randomly shooting, imo.

    • @InsiderPhD
      @InsiderPhD  4 роки тому +2

      Even if you have a long uuid you will still have an IDOR for low- privilege users like guest vs admin. Since the guest may have viewing permissions, but not editing

    • @tayfun6378
      @tayfun6378 4 роки тому

      @@InsiderPhD that's right. I'm thinking about mastering it. thank you very much for the help!

  • @ajay0rawat
    @ajay0rawat 3 роки тому

    god that was hard to understand because of your accent .......but you explain nicely

  • @nallamothusumanth9544
    @nallamothusumanth9544 4 роки тому +1

    What about blind xss you didn't mention it

    • @InsiderPhD
      @InsiderPhD  4 роки тому +2

      I'm leaving blind XSS and discussing other types of XSS (DOM, etc) in a different series... Spoilers 🤫🤫🤫🤫

  • @ratmoneyg
    @ratmoneyg 3 роки тому

    What’s the easiest first bug you recommend a beginner look for?

  • @StephenOgu
    @StephenOgu 4 роки тому +1

    I love this video

  • @theedmbrewery6234
    @theedmbrewery6234 4 роки тому +1

    I wonder why xss works on headers like referrer etc.

    • @tayfun6378
      @tayfun6378 4 роки тому

      if the payload doesn't get stored, they're useless.

  • @ArunKumar-sg6jf
    @ArunKumar-sg6jf 4 роки тому

    how to do peneratation testing on cloudfare hosted websites

  • @nasrudincasayr1329
    @nasrudincasayr1329 4 роки тому

    Thanks alot

  • @jiayaoou8254
    @jiayaoou8254 4 роки тому

    is so diffcult to find this xss bug in bugbundary

    • @InsiderPhD
      @InsiderPhD  4 роки тому

      XSS is really hard to find but if you want to go deeper you can check out other types like blind XSS or Dom based XSS which should help you find an XSS! For Blind XSS I have a video and for DOM stud checkout the Hacker101 video with Stök and TomNomNom!

  • @georgebasilaia996
    @georgebasilaia996 4 роки тому

    where can i acces slides?

    • @InsiderPhD
      @InsiderPhD  4 роки тому

      Slides are now available on my Patreon for £5+ patrons, sorry I can't make them publicly available to prevent people from re-presenting my work!

    • @georgebasilaia996
      @georgebasilaia996 4 роки тому

      @@InsiderPhD thanks, no problem

  • @ch1nmqy132
    @ch1nmqy132 4 роки тому

    What are the some good first bugs??

  • @Nr_wx
    @Nr_wx 4 роки тому

    Can you hack with hackerone while you are in kenya

  • @chandpabhavesh1873
    @chandpabhavesh1873 4 роки тому

    Please do practically

  • @sohailbzioui8323
    @sohailbzioui8323 4 роки тому

    when

  • @emreru5687
    @emreru5687 4 роки тому

    👍👍 👍👍

  • @gprime3113
    @gprime3113 4 роки тому +3

    Ok, first of all XXS is EVERYWHERE. Using these techniques or the owasp or portswigger ones, you will never find it! I'll tell you where XSS is NOT found: in forms, in search bars, with any of the following: ;'" script, alert()... alert() is the most filtered string on the planet, and inhouse security teams go through the git hub lists and every where you google. But it is literally everywhere you just need to know how (now where) to look. Hope I help the 1 or 2 of you that the light bulb just went off for. Cheers.

    • @hydroflows
      @hydroflows 3 роки тому

      I think she touched on this in the video. She mentioned you have to exploit the vuln in much more creative ways. In one of her examples she highlighted someone stored a payload while creating a page. I would imagine what you and InsiderPhD are saying is that you should try to embed the payload deep within the application on some weird endpoint on an even weirder subdomain.

  • @alexman340
    @alexman340 2 роки тому

    it is just theory, no practical.I could not understand why 25.000 people watched this video.

    • @InsiderPhD
      @InsiderPhD  2 роки тому +1

      Sorry about that! This is one of my earlier videos so I was still finding my feet, thank you for the feedback and I'll definitely remake a practical version of this video!

  • @0xx039
    @0xx039 4 роки тому

    How can i hack in a program which has everything inscope or not mentioned anything inscope how should i approach it , programs like DOD, logitech etc... if i should start with asn ? does it mean that everything comes under that ans belongs to that company i'm confused, l like to hack on AT&T but i'm feared of losing my reputation or signal by going out of scope

    • @selimeneskaraduman6935
      @selimeneskaraduman6935 4 роки тому

      Why do you lose?

    • @0xx039
      @0xx039 4 роки тому

      @@selimeneskaraduman6935 typo

    • @InsiderPhD
      @InsiderPhD  4 роки тому +1

      In my opinion (and it is my opinion) I wouldn’t hack something you’re not sure an org owns. I would start with their core website, and just exploring from there, without digging into IP addresses. Another option is to do a subdomain search with lazy recon. Check it out on GitHub: github.com/nahamsec/lazyrecon

    • @actual_0xatul
      @actual_0xatul 4 роки тому +1

      Use crunchbase to find what the target owns. Use bgp.he.net to find their ASNs and CIDRs. Use amass intel to find root domains. And use amass enum to find subdomains. Write a bash script to do all these and you're good to go.