omg, this was so amazing, there are thousands of videos on XSS but I hardly encountered anyone who explains topics in a such beautiful and simple way. Thank-you so much
You are the best teacher of this subject I have found on UA-cam. I graduated this year with a BAS in Cyber Security, but still feel like I’ve only scratched the surface regarding ethical hacking. I’m trying to become self-sufficient at bug bounty hunting, but I’m so bad at it. Your videos are really helping me though (more than other creators). You just explain it so well in shorter, more concise videos. Thanks so much, and keep it up!!!
Thank you so much! I was searching for this exact thing, using a real payload and explaining instead of simple alert that wont demonstrate harm to the server
Thanks a lot for this kind of videos. Maybe you could do a OWASP 10 but in this format with 10 basic examples of the most common vul, also i'm from Chile and a new sub.
Hey could you make a video on what your process is for bug bounties? What steps do you take when carrying out recon? What do you check for? And once you've completed recon, what do you do next?
grate video, whats fun you get a hard thing and make is simple to understand, views i guess you should also buy this guy's course, i saw it has cool content in it😁
There is something I don't understand. The malicious input it's saved in the db table that contains your profile info and it is sent and executed in the browser when the web client request to the server for your profile information, so how can this work to steal cookies from other users, since the malicious script it's only sent by the server when you log into your own account?
Hello plz answer me i have qst abt bug bounty i finish html im in Js (Function) When i finish Js can i start learning XSS & Learn Recon & how Web Work & burpsuit and try in labs than start in real world ? and in the same time keep learning about PHP & MYSQL and other OWASP 10 & methodology
and we want bug bounty explained videos. some blogs are high level we don't understand much of thier bug report write ups. please we want you to explain the easy way.
I know this is from a year ago, but this is stored xss, the malicious code is on the web server at this point. It's grabbing from a source (in this case, his kali linux server) and it's running anytime the profile created is checked. In this case, he was able to execute with , but there's more ways to execute js if the script function is blocked.
bro everyone is saying your videos are amazing good job I really want make some money through this field but I cant understand this ethical hacking where should I start
Finally, an example of how it works instead of a high-level overview.
omg, this was so amazing, there are thousands of videos on XSS but I hardly encountered anyone who explains topics in a such beautiful and simple way. Thank-you so much
So he was logged in already on his account. Did he steal his own cookies
true
You are the best teacher of this subject I have found on UA-cam. I graduated this year with a BAS in Cyber Security, but still feel like I’ve only scratched the surface regarding ethical hacking. I’m trying to become self-sufficient at bug bounty hunting, but I’m so bad at it. Your videos are really helping me though (more than other creators). You just explain it so well in shorter, more concise videos. Thanks so much, and keep it up!!!
I have looked for stuff like this forever and it never gives me a simple way or a way that makes sense THANK YOU.
Thank you so much! I was searching for this exact thing, using a real payload and explaining instead of simple alert that wont demonstrate harm to the server
Thank you for the example ! Im starting with pentesting and I decided to go with XSS, it's actually pretty fun and I learned a lot with your video.
Thanks a lot for this kind of videos. Maybe you could do a OWASP 10 but in this format with 10 basic examples of the most common vul, also i'm from Chile and a new sub.
This kind of real world explanation will actually help us to understand attack more. Thanks!!!
this is amazing, most videos usually just alert.
btw is it possible to try do one on angular based web?
Great as always !
Idea : you can make more videos about server side bugs !
great video, you connected all the dots with a real world attack example ! Make a video for exploiting latest AI attacks and 3rd party component vulns
Hey could you make a video on what your process is for bug bounties? What steps do you take when carrying out recon? What do you check for? And once you've completed recon, what do you do next?
Amazing how you teach in a simple form to understood.
Can you make a video, explain how to test xss when the webApp have some waf/filters ? 🙂
great content, thank you.. I've not seen a real example of xss so far. could you make more contents like this? the real world/hands on hacking videos
amazing it caught my attention through your video to dig out more in this topic thanks bro
keren, terimakasih ilmunya.
itulah mengapa penting sebuah website menggunakan SSL agar dapat terredirect ke https dan cookies nya aman
grate video, whats fun you get a hard thing and make is simple to understand, views i guess you should also buy this guy's course, i saw it has cool content in it😁
Short and simple, thanks!
very interesting ill be back when i understand what I just watched
im back i get it now
@@GINGER-200 Can you explain?
thanks for this amazing tutorial , n btw would you like to recommend any books for learning javascript ?
That's cool 😲.. so this type of attack is called reflected xss yeah 🤔?
There is something I don't understand. The malicious input it's saved in the db table that contains your profile info and it is sent and executed in the browser when the web client request to the server for your profile information, so how can this work to steal cookies from other users, since the malicious script it's only sent by the server when you log into your own account?
To answer my own question: if your user profile can be seen by anyone, when they see your profile they get the malicious code
@@dev.roysalazarthanks, I have the same question
Why are we referencing the xss.js file in the form field? Isn't it possible to directly paste the code from this file into the field?
Hello plz answer me i have qst abt bug bounty
i finish html im in Js (Function) When i finish Js can i start learning XSS & Learn Recon & how Web Work & burpsuit and try in labs than start in real world ? and in the same time keep learning about PHP & MYSQL and other OWASP 10 & methodology
Awesome explanation. Thank you
Thank u sire. Sire can u do more real world vulnerabilities exploitation and how to escalate a certain vulnerability to another Eg xss to csfr
this is amazing work👏
Would this be considered a persistant XSS attack?
and we want bug bounty explained videos. some blogs are high level we don't understand much of thier bug report write ups. please we want you to explain the easy way.
thank you. we need more hard xss like openredirect to xss ... something hard
How are you grabbing an admin cookie? That the only part I don't understand. Why would you have access to any data from his session?
I know this is from a year ago, but this is stored xss, the malicious code is on the web server at this point. It's grabbing from a source (in this case, his kali linux server) and it's running anytime the profile created is checked. In this case, he was able to execute with , but there's more ways to execute js if the script function is blocked.
bro everyone is saying your videos are amazing
good job
I really want make some money through this field but I cant understand this ethical hacking where should I start
I answer the video coming tomorrow.
very very good tutorial! thnx
Well explained!
Do one for cross site request forgery, confused on that one please
Hi, how to prevent xss on joomla CMS... In lang parameter can you share any solution?
this is amazing work
Please Make video on cloud hacking like Synology Nas
Cool. Keep it up
So, now the question is how to trick the admin in the real world to visit the link, like I have trouble logging in....
Great dude
💙💙💙
شكرا لك اخي
thank you sir
Wilson Timothy Jones Gary Clark Ruth
❤❤
Cobalt strike group
didnt know gmk did xss
Not exactly "real world" lets be honest, why is http-only set to false??
Not sure. In react, I have seen applications have dangerouslySetInnerHTML when it couldn't be any more clear NOT to do this.
How i cans message you on dm ?