Cross-Site Scripting (XSS) Explained And Demonstrated By A Pro Hacker!

Loi you are a beast. This is straight to the point and no bullshit. The first time I saw you, I went straight to udemy and got 3 of your courses. Keep spreading the knowledge brother!

"i hope you learn something valuable...". This is absolutely valuable,
I have been trying to find how dangerous XSS is, but never get satisfied answer except this one. Thanks loi!

Dude you deserve way more views. Straight to the essential, clear, understandable. You won a new follower !

I'm brand new to IT and was reading about open web app projects and came across the word Cross Site Scripting. Your explanation and demonstration was so clear, concise and yeah, scary! Thank you. I'll be studying your content for sure!

Dude, I’ve been studying cyber for over two years. This is amazing. The first time I can actually see this in action. Thank you!

This channel is gold. All I can say.

Best demonstration of XSS that I have ever seen - thank you

I've tried many times to understand what is really happening with XSS and this was the best way it has ever been explained to me

This is awesome... If someone is in hurry of preparing for the interview.. get this..

thank you man, now I can start my career with you here in UA-cam even before I go to university

Wow, I knew a little about XSS but I didn't had the creativity to think that this kind could be made with this technique! Thank you so much for the presentation!

I found great tutorial on XSS after several year, :) Thanks for sharing it so intuitively.

I have never been more confident about my cyber security career after watching this channel. You’re a gem. Thank you.

Man this was awesome 🤩 being a CEH guy I was still not able to understand how to perform XSS in proper way but this one video cleared my all concept ❤ u deserve millions of likes and views

Really liked ur video sir, where most of the videos creators focus on the theory and unnecessary content, Ur content is very very good it actually gives practical knowledge and that too with very good explanation. Really appreciate ur work 🙇🙇

Now I know how those infected sites have been hijacked before to host a phishing site, great demo!

Thank you so much. I'm a web developer and this info is a gold. You explained this in such way that anybody can understand the great risk. This is scary how easy it is to hack the site if it is not protected against these attacks.

All of us know we don't learn hack to hack our own system😂😂😂

Loi you are the best! I love that you acutally shows us how XSS works rather than just explain it in pretty words :) Thank you so much!

This is incredible and has so much value, Loi! Never in my life have I been exposed to hacking this way, thank you so much! Learned a lot!

You're a legend. Straight to the point and you spoke quickly with no filler.

just been assigned to a security project dealing with XSS, and your video is really helpful and valuablr . a big thumb up bro

Extremely well done, found your video looking up what XXS was because i wanted to see how dangerous the CS2 exploit is. Thanks for the great info.

Amazing video.
Went through various articles and demos explaining XSS but this one is by far the best one

FIRST TIME I WATCHED THIS I WAS NO IDEA WHAT I'M WATCHING I DON'T UNDERSTAND ANYTHING BUT NOW FOR MONTHS STUDYING JAVASCRIPT AND DOM MANIPULATION I CAN NOW EASILY UNDERSTAND EVERYTHING, THE MORE I DIVE INTO TECH THE MORE MY PERSPECTIVE CHANGES ABOUT INTERNET

This has been the best explanation of what a XSS is. Thank you!

instant subscribe worthy. clear explanation, clear voice, valuable content

You got another subscriber. You explain and show the process so much better than Hack the Box. I’m currently slogging thru the Linux Fundamentals course and it is hard.

thank you just ran into a NoScript detected a potential Cross-Site Scripting attack wow this is helpful

Wow, this is insane. Ngl I'm a little freaked out by this. Great information as always. Thanks 🤟👍

Game over..... Great info . Most useful channel 4 ethical hacking learning 👍👍👍👍👍

Thanks for the explanation. Now I can easily differentiate XSS attack from a Cors attack.

Clear and concise explanation and demonstration. Couldn't ask for better.

The best Chanel for learning ethical hacking

clear, concise and to the point explanation. Just amazing!

Amazing content Mr.Yang. Highly resourceful 👍

Wow you earned a sub and a ton of respect. You're fast, to the point, highly information-dense.. perfect level of difficulty for me. So happy the algorithm brought me here. Keep it up boss!

on the process of getting my CompTIA. I was a little confused on this topic but wow. It really is scary. thank you for the video!

Perfect timing! I was actually testing it a few days ago!
PS: I didn't expect your password to be 12345678 :P

I am a career shifter and my current work is related to cybersecurity, and thank you for this

" i hope you learnt something valuable "
Is that a question sir ..
Your channel is a diamond thank you so much

Terrific content! Learning so many new techniques.

Wow I love your episodes.......Guys let's get to 1million subscribers

Ugh I hate all these spam hacker comments on every infosec video. Thank you for the content. Beautifully explained like always.

Excellent introduction on this topic ! Audio quality is great as well, keep it up :)

Nice job. Next question is, this seems like an easy task to fix. What else should one do to protect yourself and what is the current state of XSS protection and danger?

This made my day! Thanks for the great explain the process and where to find them to test and prevent

I know that XSS is dangerous, but I never realised it can be this dangerous. +1 sub.

Thank you so much for letting me know how dangerous stored xss is .

So I was thinking: if you are going to look side ways, maybe you don't need a head cam when we see the work on the screen. Thanks for the video, very informative

Well explained. Just subscribed after watching your video for the first time.

Ty for the demo. However have a doubt. How does tool plant malicious js to another users browser. The demo showed is the js and user login is done in the same local machine. Can u make the server render the webpage with malicious js??

Instant sub after the 1st video, good job explaining and the demonstration helps so much 👍

Wooow!! You gain one more subscriber 🙏🏼🚀

wow amazing video, Im studying cyber security and knowing this its very useful! I'm subscribing!

Good demonstration of XSS using a feedback form

This guy doesn't spend 30 minutes speaking bullshit and only 2 minutes showing the real thing. I'm a fan

The only channel I watch when learning hacking:)

Thank you, you teach very well even if i already know most of things thats you show, you make them more understandable.

Your explanation is very clear and easy to understand

Hi Loi! Great video! Could you please make a video about your desktop setup or what you look for in laptops that are tailored for penetration testing?

What an awesome video! I’m glad I came across your videos, I have one real nooby question though…
If this SQL stuff is so easy to put into websites, what do banks, shopping or government websites use to protect themselves from these attacks?

Thank you for the detailed explanation. Can someone answer the question; does this kind of ethical hacking of your own site or apps allow some better capabilities for development?
I want to understand if this is helpful for developers to not get locked out or to better monitor traffic?

Invaluable information. Many thanks Loi!

This is total fun and amusement 🙂 Love your music Peace and Love from Sweden

Awesome video, as always. One suggestion though, could you post the links in the description? Thanks :)

i always watch full ads video in your channel sir
so that you will bring more videos for free to us without any cost
thanks

I'm a very beginner, but I'm interested in cyber security.... And it's pretty scary to see how easy it is to get your informations...

Great Video, worth every second of watchtime.

Please start ... complete hacking course 🙏❤

Learning about Cyber security after the CS2 XSS exploit that was reported yesterday
I want to hear your opinion on that! It's actually making me really anxious

Broooo, thank you for visualizing this concept!

wow subscribed and i hit the bell to get notifications

im a frontend developer, looking for a video how dangerous xss is, because i know nothing at all about how it will impact our data. hope to see a video how to prevent it as a developer from you because i love to see how you explain informations

i suprised that subscribe button is highlighted when you mentioned it

What a valuable resource, so clear and easy to understand, thanks

Very neat and clear . Thanks

XSS = GAME OVER. Thank you for creating great content!

Thank you so much, you do a great job of explaining it this helps me with my college XSS lab.

Just subbed, great content. Clear and concise

in fact i've learned something valuable, Thank you from Algeria.

So once the user loads the comment section with the script, the browser is now "Hooked". So my question, if the user leaves the webpage, is the browser still hooked or BeEF is not able to connect to the client anymore?

Hello sir Loi Liang Yang, I learnt something new today 😀😀
Thank you ❤️❤️

I needed an example outside of the classroom's Vector Image with some script inside of it. I could see how thats easy to fall for

The problem is you can only realistically get better by practice and diverse practice against differing targets is likely against the law unless you have a job in pentesting.
It’s all fun and games until the authorities knock on your door.

Very Informative ! Thanks for such an amazing video ❤️

Good video, with wonderful description.
I have a doubt:
If I am a hacker-programmer, why should I try to execute ... inside a text box? I can make use of the browser developer console, right?
Another doubt:
In the video, you are entering email and comment (as a user). The hacker is entering email & script-in-the-comment-box. How the hacker got the user's credentials (to enter script in the user's homepage)?
OR you mean to say, the script provided through the comment box is set in the server code and will be available for all the users? (I am actually confused with XSS after user's login)

You remind me of the guy from (youtube) PBS Space Time (but a non English version of him). :) Great tutorial. Always nice to see how these attacks are done so I can make my website and APPS more bullet proof. :)

Nowadays all web frameworks come with really innovative input sanitization techniques which make XSS attacks absolutely useless. Any tricks to bypass these would be cool

what a great way to teach, thank you sir

Thanks for the clean explanation!

Great video. I’m going to install beef asap!

What is the best spot on your channel for a beginner earning his SEC+?? I want to start practicing on my home network..

So I Have A Question
You Type The Script to tht Web site does it affect other users or only you?
And Thank You For The Video

This channel is always on top

Just subscribed, awesome stuff.

this is cool and all but it bothers me how late the webcam is with the audio 😅

I use your site to help make my website and APPS in development more secure. Thx :)

Exceptionally explained. 🙏

The video is very clear but my question is can you do this without beef? For example if you have access to a site can you write your own code to put in it, and also does it always change the url