Website Hacking Demos using Cross-Site Scripting (XSS) - it's just too easy!
- Published 1 Jun 2024
- It's just too easy to attack websites using Cross-Site Scripting (XSS). Wesley, aka The XSS Rat, explains what cross-site scripting is and demos reflected, stored and DOM-based XSS attacks.
// MENU //
00:00 ▶️ We are taking over the world!
00:16 ▶️ Introducing//XSS Rat//Wesley
01:28 ▶️ What is XSS/ Cross Site Scripting?
02:59 ▶️ Types of XSS
05:15 ▶️ Reflected XSS
06:22 ▶️ Example of data sanitization
07:35 ▶️ Circumventing filtering with the img tag
11:01 ▶️ Sending a Reflected XSS Attack to Someone
12:01 ▶️ Using HTML comments as an attack vector
13:49 ▶️ Using single quotes to break out of the input tag
15:14 ▶️ Don't use alert() to test for XSS
17:33 ▶️ What you can do with Reflected XSS
19:26 ▶️ Stored XSS
20:31 ▶️ Using comments for XSS
21:05 ▶️ Example #1 of Stored XSS on Twitter
21:42 ▶️ Example #2 of Stored XSS
22:12 ▶️ The answer to the ultimate question of life, the universe, and everything.
22:56 ▶️ Stored vs Reflected XSS
24:22 ▶️ AngularJS/Client Side Template Injection
25:06 ▶️ Don't use JavaScript?
26:09 ▶️ Where to learn more//XSS Survival Guide
27:04 ▶️ DOM Based XSS
29:36 ▶️ List of DOM sinks
30:12 ▶️ jQuery DOM sinks
32:15 ▶️ XSS Rat Live Training
33:00 ▶️ Support XSS Rat//Wesley
34:06 ▶️ Closing//Thanks, Wesley!
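The chapters on data sanitization, circumventing filtering with the img tag and breaking out of the input tag with a single quote share one lesson: a filter that hunts for bad strings loses to a parser that accepts many spellings of the same thing, while encoding output for the context it lands in does not. The block below is an added example, not code from the video, from XSS Rat or from the hackxpert.com labs. The page template, the payloads, the function names and the small tag scanner that stands in for a browser are all assumptions of this example.

```javascript
// Added example (not code from the video, from XSS Rat or from the hackxpert.com
// labs): a blacklist "sanitizer" of the kind the chapters show being bypassed,
// next to context-aware output encoding. Template, payloads, function names and
// the tiny tag scanner are this example's own assumptions.

// Naive filter: strips <script> tags and nothing else.
function naiveFilter(input) {
  return input.replace(/<\/?script[^>]*>/gi, '');
}

// Encoding for HTML text and quoted attribute values: every character that can
// open a tag or close a quote becomes an entity ('&' first, to avoid double-encoding).
function encodeForHtml(input) {
  return String(input)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Simulated server page: the reflected search term lands in two contexts, text
// between tags and a single-quoted <input value='...'>. `transform` is whatever
// the server applies to the term before writing it into the response.
function renderSearchPage(term, transform) {
  const t = transform(term);
  return `<p>Results for: ${t}</p>\n<input type="text" name="q" value='${t}'>`;
}

// Minimal tag tokenizer standing in for the browser's parser: records each element's
// name and attribute names, honouring quoted values so text inside value='...' is
// not mistaken for new attributes or tags.
function parseTags(html) {
  const tags = [];
  let i = 0;
  while ((i = html.indexOf('<', i)) !== -1) {
    i++;
    if (html[i] === '/') i++;
    const m = /^[a-zA-Z][\w-]*/.exec(html.slice(i));
    if (!m) continue;                      // a bare '<' is text, not a tag
    const tag = { name: m[0].toLowerCase(), attrs: [] };
    i += m[0].length;
    while (i < html.length && html[i] !== '>') {
      if (/\s/.test(html[i])) { i++; continue; }
      const a = /^[^\s=>]+/.exec(html.slice(i));
      if (!a) { i++; continue; }
      tag.attrs.push(a[0].toLowerCase());
      i += a[0].length;
      while (i < html.length && /\s/.test(html[i])) i++;
      if (html[i] === '=') {
        i++;
        while (i < html.length && /\s/.test(html[i])) i++;
        const q = html[i];
        if (q === '"' || q === "'") {      // quoted value: skip to the closing quote
          const end = html.indexOf(q, i + 1);
          i = end === -1 ? html.length : end + 1;
        } else {                           // unquoted value: runs to whitespace or '>'
          i += /^[^\s>]*/.exec(html.slice(i))[0].length;
        }
      }
    }
    tags.push(tag);
    i++;
  }
  return tags;
}

// Anything beyond the template's own <p> and <input>, or any on* handler, means
// user input reached the parser as markup rather than as data.
function findInjection(html, allowedTags = ['p', 'input']) {
  const findings = [];
  for (const tag of parseTags(html)) {
    if (!allowedTags.includes(tag.name)) findings.push(`unexpected <${tag.name}>`);
    for (const attr of tag.attrs) {
      if (attr.startsWith('on')) findings.push(`event handler ${attr} on <${tag.name}>`);
    }
  }
  return findings;
}

// Constructed payloads shaped like the chapters above; they use console.log rather
// than alert(), following "Don't use alert() to test for XSS".
const PAYLOADS = {
  script: '<script>console.log(1)</script>',                    // what the blacklist targets
  imgTag: '<img src=x onerror=console.log(document.cookie)>',    // no <script>, so it slips through
  quoteBreakout: "' autofocus onfocus=console.log(document.domain) x='" // closes value='...' early
};

// Runs every payload through both defences and reports what reached the parser.
function compareDefences() {
  const report = {};
  for (const [name, payload] of Object.entries(PAYLOADS)) {
    report[name] = {
      blacklist: findInjection(renderSearchPage(payload, naiveFilter)),
      encoding: findInjection(renderSearchPage(payload, encodeForHtml))
    };
  }
  return report;
}

console.log(JSON.stringify(compareDefences(), null, 2));
```

Run with `node`; the report shows the blacklist stopping only the plain `<script>` payload while the img tag and the quote breakout both reach the parser as markup, and encoding neutralizing all three. The scanner is a heuristic stand-in: the real test is whether a browser executes the payload. Encoding must also match the context the data lands in. HTML-entity encoding is right for text nodes and quoted attributes, but data written inside a `<script>` block, a URL or a CSS value needs its own encoder, and a Content Security Policy is defence in depth rather than a replacement for encoding.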
// Demo Sites //
hackxpert.com/labs
hackxpert.com/ratsite
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
UA-cam: ua-cam.com/users/davidbombal
// XSS Rat SOCIAL //
Twitter: twitter.com/theXSSrat
UA-cam: ua-cam.com/users/TheXSSrat
Website: thexssrat.podia.com/
// XSS Rat's Udemy course //
XSS Survival Guide: www.udemy.com/course/xss-survival-guide/
// XSS Rat's courses and bootcamps //
thexssrat.podia.com/
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
xss
cross site scripting
portswigger
ajax
jscript
javascript
xss attack
xss video tutorial
xss attack tutorial
xss explained
xss attack example
xss bug bounty
xss tutorial
xss vulnerability
xss vs csrf attack
xss example
xsser
xsssa facebook
xsssa
kali linux
penetration testing
ethical hacking
bug bounty
cross site scripting
cross-site scripting
red teaming
cyber security
kali linux install
kali linux 2022
ethical hacker course
ethical hacker
javascript
ajax
jquery
node js
node js hacking
portswigger
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#xss #javascript #hacking - Science & Technology
Thanks! Love your Instagram posts
@CodeWithJoe please elaborate
Wow David you're collaborating with awesome people ♥️♥️.. here you dropped this king 👑
Thank you Faran!
That’s mine bruh.
@MisterK-YT 😂
LOL David I just started following the XSS Rat not long ago! Either you're in my head, or I'm on the right track...'cause this just keeps happening! 🤣 Love that you're helping expose these gems of our community to the masses...great stuff man!
Once again great vlog David! Your channel is so awesome, you always have a great wealth of knowledge from all the guests who appear on the channel. I'm very appreciative of learning new things every time I tune in.
David you're just the best. Keep pouring out this content. I'm really having fun.
Your videos are also so informative and entertaining! Thanks David!
Thank you! Glad you like them!
As a developer this is pretty useful. Thanks for the great value David
This channel is on fire! Loving these videos David!
Best content creator in the field Cybersecurity by far, informative and entertaining!
He is ridiculously clear in his explanations. Beautiful.
Damn!!! Loving these talks; learning so much and it's all thanks to you David, thanks 👍🏽
Tutorials on the net about this stuff are so confusing. Sometimes they appear to contradict one another. It's no wonder they have mistakes. Good video
Bro, I learned so much from this guy, videos like this are terrific, please do as many as you can. Wish you the best!
Amazing video, questions and demo very well done. I always find it amazing how you can look at one thing differently and you're in. *looking at the wall with a security guard checking IDs. The wall is only 3 feet wide. Just walk around.
I’m excited to see how I will look at my own code differently.
Thanks again!
Thank you! Glad it was helpful!
WOW! Wesley is so awesome! Thank you so much, David Bombal!!! All love. Always.
Great video, your guest seems to be a nice instructor, easy to understand him as well.
Third time watching through. I will be signing up for the boot camp thank you for this.
Awesome content as always! Wesley seems pro and really nice guy!
Thank you friend :D
@TheXSSrat you're cool man!
Thank you buddy for all the things you do for the community. If not for you, people like me coming from poor backgrounds would have faced a lot of difficulty breaking into cyber security.
great work david, nice questions!!
As always, amazing content!
Great video! thanks for the awesome content David
Wow, there is so much to learn. That was a really good informative video.
Thanks for providing me some supercool testing scenarios David..Love u 3000 man❤️..👍😀
A gold tutorial video for me. I had learned SQLi but was still confused by XSS; this video helped me a lot. Nice, David. From Burma.
Dang.... you know I've used templating frameworks for so long, like Handlebars, Angular and most recently Vue. I never considered the possibility of script being injected through these templating engines, but it makes perfect sense now that I've seen it.
I saw Wesley for the first time in an interview with NahamSec. I immediately subscribed to his channel and watched his amazing videos 👍 JavaScript is a little bit complicated for me as a network guy, but I learned the basics of the reflected attack and found some vulnerabilities (I reported them). Thank you David and Wesley for this amazing video! ✌
Congratulations! That is fantastic :)
Very nice video, I really loved it! I think I just found my new path in the IT world.
YOU CONTINUE TO BE THE BEST
This XSS Rat guy is a demon at bypassing, wow just wow lol. Please, a video on JavaScript for hackers would be great.
Thank you dear friend :D
Thanks David, I finally understood Cross Site Scripting
That's the kind of videos we love, great 🎩
Thanks! Another wonderfully didactic video!
Thank you so much, i just upgraded the security of my project :3
Interesting David thanks so much to the guy doing the teaching!!!!
Hi David, It would be great if these type of videos include 'how to prevent being a victim of these types of attacks'.
Amazing content :) Thank you both for it
What a really likable guy and great teaching methods. I've signed up on Udemy
Yeah he does seem nice. You can tell he really loves it but is up for a laugh as well
Got scared, I actually bought Wesley's Udemy course right away. David, continue inviting good people to your channel. I have promised to watch your videos instead of the Ukraine war news. Gives me more knowledge.
Much love friend :D
@TheXSSrat I actually went to your youtube channel and subscribed there too. XSS is popular and I never understood how it was done. The way you present your examples is so simple that it is very easy to understand. I see that you have the talent to teach. Thank you.
Now I understand how it works thanks David ❤
You are creating amazing content!!
You deserve this 🍪 ( cookie represent appreciation in modder's world).
What a great video. I will sign up for the Udemy course. Thank you!
This was very informative!
Such topics should be taught in college, not only how to write code.
The thing is, I think it really helps to know JS before beginning XSS :D
Great video! Can you do a video on WebAssembly safety? It's an exciting new tech, and probably has some security pitfalls. For example, WebAssembly cannot run when you have CSP headers. Cheers
Glad I know some basics of XSS security to handle as a developer. How foolish am I? Thank you for your effort sir. Thanks a lot ❤️
alert() 🙃😂
Hopefully that doesn't work as UA-cam is better than Twitter!! 😂
@davidbombal One day we will find a vulnerability in UA-cam and tell them "Look, here's a bug" 😂 I hope we will do it one day 😂
@davidbombal and also it doesn't work for all, because there are a lot of comments on this video
Awesome vid! 💯
Amazing, he really dominates the XSS technique
Keep the great content coming
Thank you! Trying to bring the best content I can to UA-cam :)
@davidbombal I like learning but am very ADHD, and most of the time I have no problem paying attention to your content. I love your mindset poster; that fish is going places lol
@gregoryjones4539 I also have ADHD :) Here's an idea, friend: can you watch it in parts? I try to chop everything down into pieces and take those one at a time.
In addition to complex scripting, bad actors could also, for example, add unwanted images to your sites via the anchor tag - one method to screen out all offending tags in user content is to replace "
Your regular viewer orbit xyz😉😉
Video is great, please make further videos on these topics
With reflected XSS, can an attacker make a vulnerable website on purpose and host it themselves, then make a URL that downloads something?
Great INFO, Cheers !
This is the reason why, if you want to be a good hacker, you really need to know or understand web development.
Thank you so much for your big efforts ❤
I bought your Wireshark course.... totally pro-level course.... so, so thank you bro....
Thank you for your support!
Keep up the great videos.
Thank you Michael!
So Content Security Policy and access control headers should be good enough protection, right?
Awesome video
This is really interesting stuff
Amazing vid!
Good program guru. Thank you.
Great video 🖤
If i were a President and i had a country, I'd have given you a state to govern. Just my way of saying thank you, Mr. David🇳🇬❤❤❤
Can this not be solved by using .textContent instead of .innerHTML to display content on the page, or even converting the input to a string?
All time the best 😊
XSS Rat is great!
(Bro, I have a very important question for me; if you have the opportunity, please answer me, because I worry about my account every day.) What should I do if I crossed a site with an XSS attack?
Great video…. Thanks
Hey guys, I know I am kind of late, but I have a question. How can I load and run an external JavaScript onerror? (I thought I could maybe inject BeEF this way!)
Love this guy!
If you obfuscated your JavaScript, then it would technically bypass the code that removes "script"??
Nice guest 👍
You are the best !!
You are very kind 😀There are many amazing people out there 😀
Didn't know rats were that smart, time to build an army
XSS Rat is already doing this 😂
They did that in wanted yo
thankuuuuuu thanku thankuuuuuuuuuuuuuuuuuuuuuuu luv you
For any script to execute on a local PC visiting the "infected site", if the user has no admin rights, can the script be executed to do its malicious activity or not?
It can
@tigreonice2339 just to confirm, the script does not require elevated privileges to do malicious activity?
Sooooooo informational, me like 👍
Hi! I'm trying to bypass a filter on a webpage that only accepts some limited alphanumeric 11-character strings. What could be the easiest ways to do that? Is it even possible?
So recently, I had my bank account hacked and someone stole $2500 from my savings (surprisingly, they didn't wipe me out)- any idea as to why they didn't steal all of it? I'm thinking this is how my bank is hacked because the bank itself said, "at least once a day, someone comes into our branch and says, 'I've been hacked.'" Thankfully, they're FDIC insured and I love my bank/trust it, but I'm curious if this is how they might've stole/transferred money. I have info from them and IP address if someone could help me out. He/She accessed other accounts too, but who knows if it's really that person because they could have a "pool" of IP addresses, but definitely have one.
thanks for this video!!
No matter what I do, my internet on my computer and my cellphone, even using my data and turning wifi off (my identity was sold on the dark web); it's like someone's flooding me out of my connection. What do I do?
Thank you very much sir David
I want to see the source code of the sample website. Where can I see the sample source code?
Wow thank you, good labs 👍
I heard about an attack where a hacker sends an image via Gmail or FB and they were able to get my token at that time. Is it true? Can you tell me how hackers created it and how to prevent it?
Yup, his website is a gold mine, awesome guy!
You know.. I didn't understand a thing. What can we do with it? I mean, I wanna access the terminal of a website host (to run node.js). Can I do this?
Can jQuery do a lot more than Javascript? Isn't jQuery mostly just prepackaged javascript functions? Kind of like a templating engine but for queries?
Hi David, please bring Dr. Chuck once again, thank you.
Hopefully soon. What topics you want him to talk about?
@davidbombal it's hard to choose topics, maybe more on other languages (Go, etc.), mobile app development (Swift, Kotlin), Windows native apps (C#, PyQt), programming + Linux + networking skills, anything which involves programming, thanks.
Wow! I had no idea… scary.
Thanks ❤️ means a lot
You're most welcome 😊
Thanks Again!
You're welcome!
Okay, I got it, but if I steal a session cookie, isn't that MY cookie? How does one know whose cookie it is?
Hey David, can you make a video on reverse engineering with apktool? And I thank you for all your courses.
Hello David sir, I love your videos very much, but sir, can you start a podcast on Spotify and put the conversations with people on Spotify?
Take a drink every time he says cross site scripting ahah
At around 10 minutes, isn't this attack just a cross-site request forgery/CSRF?
Can you talk about browser fingerprint?