Rat hacks website in 5 minutes 😱

XSS Rat shows us how he hacks websites in 5 minutes and get customers. He approaches companies and gives them 1 hour of free consultancy. But, he is often able to hack their website in 5 minutes - and gain a new client :) He then shows them how they can better secure their websites against actual attacks.
XSS Rat's new course: davidbombal.wiki/xssratpentest
// MENU //
00:00 - Coming up // Hacking websites in 5 minutes!
00:48 - Intro & Disclaimer
00:59 - How to hack websites with XSS
02:17 - Hacking websites demo
03:10 - CAPTCHA vulnerability
04:49 - CSRF token vulnerability
17:19 - Changing emails
20:36 - Client Side Template Injection
24:30 - Mass Assignment vulnerability
28:23 - Open Redirect vulnerability
31:54 - Stealing session tokens
34:44 - JWT vulnerability
38:37 - WordPress // Don't use plugins!
39:10 - Even experts can make mistakes
40:38 - Recommended security scanners
41:05 - Account takeover vulnerabilities
45:37 - Fight the cheese monster! // hackerats.com
52:00 - Thanks XSS Rat! // Free labs on hackxpert.com
52:52 - What to expect in the next video
53:26 - Conclusion
// Previous video //
XSS hacking: ua-cam.com/video/PzRQhpbYbeg/v-deo.html
// NEW COURSE //
Get XSS Rat's New Pentest course: davidbombal.wiki/xssratpentest
// Demo Sites //
This video: hackxpert.com/00032422342/ratsite/
Others mentioned:
- hackxpert.com/labs
- hackxpert.com/ratsite
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
UA-cam: ua-cam.com/users/davidbombal
// XSS Rat SOCIAL //
Twitter: twitter.com/theXSSrat
UA-cam: ua-cam.com/users/TheXSSrat
Website: thexssrat.podia.com/
// XSS Rat's Udemy course //
New Pentest course: davidbombal.wiki/xssratpentest
XSS Survival Guide: www.udemy.com/course/xss-survival-guide/
// XSS Rat's courses and bootcamps //
thexssrat.podia.com/
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Disclaimer: This video is for educational purposes only.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended.
Thank you for supporting me and this channel!

Been following him for ages on twitter. Incredibly talented guy 👏🏻

DB is the most simplistic and most informative person

As a developer I know I a thing or two about preventing from the basic and most common vulnerabilities/attacks. It's always good to have tools to learn how these types of "hacks" work. It's nasty how a small line of code (or lack thereof) can cause so much damage. ps. don't forget to update (patch) OpenSSL v3 folks 😛👍

These video's are really good David. I think what is key in what XSS Rat was doing, if you take for instance the CSRF example, he knows how the CSRF is implemented as a best practice. Then when he encounters an implementation that acts different, he knows that he is onto a vulnerability. I encourage the junior programmers to take a look at this. Because it's good to see the way a hacker approaches your app and the different ways of thinking. Your channel is slowly dragging me into the hacking scene... thanks

Ah, uncle rat! Thanks for bringing him to your channel. Dude's awesome!

Legend. Simply the most logical, interesting, topical, informative and highly engaging teacher bar none. Thanks David.

Thanks David , for providing quality things to the viewers

David sir, as always 🔥 putting out great content 💗🙏

We love these long technical videos David! Keep them coming

David, Wesley was awesome! The tutorial was very informative too! Thanks for sharing!

Thank you David and XSS Rat for the great informations, an hour went by and didn't even notice.

Great video David on cross eye scripting thanks David 👏🏾

David thank to you for bringing this delicious content to all of us who we are learning in the cybersecurity sector.

I love this and I'm trying to learn how to code. I am always getting hacked it's like I'm the person that hackers practice on. So from your page I'm learning how to protect myself. Love this page and keep it going.

DB absolutely incredible and down to earth person as always thanks David for enhancing our skills and I hope your having a good day

David is such a great Guy and has one of the best UA-cam channel in cyber security stuff and this was a big advertisement for rat guy...

Quality informative videoo!! , thank you so much for this grt explanation . I'll surely implement these procedures against the vulnerabilities , and cheer the relegion of cybersecurity 🥳

Squirrely bracket, squirrely bracket. Squirrel power! You go, squirrel!

Awesome showcasing here! For folks out there.. just to share, I came across a couple of these concepts in the hack the box labs in the past. If you are keen to practice, For the jwt vulnerability, you can try it in the box called "secret", for client side template injection, its "postman".

You need to be to be on rumble. Drop the mic! Be the resistance David!

Thank You Both 💖

all his points are valid. agile coupled with younger single target focussed programmers who know very little of the backend systems and only focussed on meeting tight dealines.. only going to exasperate issues further. many of them dont even understand how to fully impliment these types of controls as he points out.

And also thank you Mr David, you might not remember but you assisted with one of mr projects still appreciate.

Been waiting for this to happen!! Knew it would..
Congrats Uncle Rat, only the beginning

Hi David,
If you are afraid of getting some videos banned by UA-cam, then create a rumble account and upload those videos there. I am currently learning cybersecurity because of you.

Thanks David for a fantastic video! Thanks XSS Rat!

If most people knew these things they'd pull a Ron Swanson and throw out their computers or phones. 😂

i inspire to be as knowledgeable as dudes like this

Yooooo, you got uncle rat on the Chanel!
He is super awesome!!

Always great content and new things to learn love your videos David♥️ helped me in learning more ethical hacking

That brain must fill the whole head :D
I love when guys who don't look special show just how genius they can be.
Serious respect for XSS Rat.

His kungfu is strong :)

"Rat hack website in 5 minutes" the video : 5 3 m i n u t e s

Amazing. This is like the part 2 ;)

man i wish David had his own tv show

Nice way to show the use of “lay of the land” tools to use to pentest.

David An Amazing Teacher !

Please make a video on how to find mobile by IMEI number.

As I was clicking the video I was getting ready to grab my airgun to get the damn critter...

You know a REAL SMART GEEK when you see one...
They are so perfect that when they make a simple mistake- they become flustered.
This guy is an amazing shell popper 🍾 🥂

Been following rat guy for a while now. He is smart

Never gonna give you up.... lol. Sorry couldn't resist. Not sure how wise it is to persist 'hacks' between logins on a practice site; could potentially expose a learner to something harmful.

Amazing video. Thank you very much!

Hello David, I hope you will answer my question yes. My question is, do you also have classes on web security?

Well done Lesley and David xxx

At 11:00 you can just click on "view source" in your payload and you"ll get all your parameters in the format you like

What about the new Tesla model pie phone and it being able to interact with neuralink

Hi, XSS Rat I am planning to become an Ethical Hacker. Where do you think that I should start from?

Hello David, your videos are so informative and interesting. Thank You so much for creating such a content.
Can you please make some videos on how to test online /multiplayer game hacking/pentesting ?
Thank you

CSRF can be exploited by merely VIEWING your code, not just clickong. Love the trick

This is the first video that seems a bit weird. Like, I never knew these exploits were still relevant enough to mention? It's like hearing people say: "Don't use 0000 or 1234 as a phone lock". It doesn't hurt to mention it again of course, I'm just surprised.

Yes wesleyyy my bro, been watching your channel a lot recently

Is it possible to change a website content permanently? If yes then can you please give me Guess? It's my humble Request🥺. (Just for Educational purpose)

pleas more sdr videos like ss7 attacks sms decryption

David
Please I have seen the courses he offers in Udemy
But I didn't know what course I would learn like this video in UA-cam? Can you tell me!

You know im etical hacker and i send many advices to many companies and sometimes want help for free and some times doesn't reply my messages or emails.

Hello Mr David can we hack Nuclear missiles ? Reply

Hi sir what is the cost for joining this channel? I know the cost is already given what I'm seeing is ₹59 which is less than 💲1 , I'm assuming that you had asked 59 dollar for joining, am i right ?

we are new at computers, I am 6 and a half months old, and on my fathers lap. This is satisfying when he types my questions, so I am wondering, if you like milk?

I wouldn't call myself a rat that's just not the animal I'd chose lol. XSS lion maybe , but rat lol

thats all good and fine the thing is most valuable websites now a day are not vulnerable anymore and all these demos are executed on vulnerable platforms challenging is hacking a non vulnerable websites

He mentions dropbox a lot. Is dropbox a client and vulnerable to these exploits or he's implying a company like dropbox is victim to these attacks? (Box)

I AM ALMOST 50 YEARS BUT I WANT TO LEARN HACKING, PLEASE TELL ME WHAT TO LEARN FIRST... THANK YOU

I love watching you guys videos they always make me go to sleep.

I have a question.
Can we exploit SQLi through XSS. I mean post exploitation fr XSS to SQLi.
In simple words, gaining access to the website's database using XSS vulnerability

best ever❤️❤️

A PART FROM CHAPCHA WHAT IF THE CAPTCHA IS invisible is that also a problem

There is!!! Uncle Rat!!!

that why levels of access is so important

These are very trivial examples today.

David u keep giving us clues 😂

Around 11:00 he could have just clicked view raw source and not had to add the & manually later.

Another Great content. Thanks, would love to watch iOS or Android hacking.

Thank you, XSS-Rat, amazing performance like always.

Nice video, also Do about api hacking

Can we get a online payment systems demo? Like stripe or square

My wife is getting really tired of these videos being my date night suggestions.

Brow you now bjorka hacker ?
Please

You can absolutely use API to solve captcha in a bot...

Amazing explanation 👏👏🙌🙌

That's why I never, ever use cookies.

Now that I understand you just close the tag and inject your code behind it I’m going on a bug hunt wish me luck😎

Thanks guys!!

He needs another user (person) to direct . May i suggest. ?

my pc was hacked and all my email account was scamed

what webbrowser is he using ?

Alone we survive, together we prosper 🐀

good stuff. Thanks both of you.

Can you make a video on how to pull a Wi-Fi password using the address of Wi-Fi

Can you do something with a flipper zero

How do I hire Wesley?

Interesting, pls I need to learn ethical hacking to protect my family.

Hello, don't be tired, how to extract emails from a website

android hacking to get cookies, cache memory, tokens to be able to log in windows from Android application cookies or cache memory...? Thanks

Please make a video on how to trace android with IMEI number. Please

Is it possible to clone a fb target id,
Please make a video on it,🥺🥺

Great video. More please.

Can anyone put me through on how I can locate an hidden item on a shopping site, would love to get assistance from pros in the computer world.

Hi, I am from Pakistan, please guide me or tell the complete path to hacking, as here full guide or path is not available, i want to become a hacker , i am good at c, c++, c# , python, but want to become a hacker