Exploit Cross-Site Scripting (XSS) To Capture Passwords
- Published 9 Mar 2022
- If an application is vulnerable to cross-site scripting, one of the actions that attackers attempt to perform is capturing the username and password of the users and taking over their accounts. In a successful scenario, if the victim is an admin user of the application, then exploiting XSS would allow an attacker to access the admin functions and data and fully compromise the application. In this video we see this scenario in action.
Web Security Academy | Lab: Exploiting cross-site scripting to capture passwords.
portswigger.net/web-security/...
NOTE: This video is made ONLY for educational purposes and to help developers and security researchers enhance their security knowledge, thereby allowing them to remediate potential vulnerabilities in their OWN applications.
Twitter: / tracethecode - Science & Technology
Great video. Got to learn with your nice detailed explanation which was very helpful in understanding what's going on and how to use the XSS payload
Glad it was helpful!
This Channel Is Amazing Man 👨
Nice
This was a great video, but I don’t really know what to do in my specific situation. Where can I contact you for help regarding my situation? Because I don’t know if this will work out for me.
Hey, why is it that when the victim visits your comment you can get their credentials? Can you please explain more? Thanks
Can you explain to me why we have to use `https`? I did try with `http`, and it does not work...
thanks for content explanation \o/
My pleasure!
What is that comments box has validation and it we can see the code comments section
Thanks!
Welcome!
Nicee edit broo
Thanks!
So when they click it, it will bring them to whatever domain you typed in the code?
When they view the comment, their username/password is sent to the domain in the payload.
@TraceTheCode does this work on Windows?
You can run a web server on Windows.
Does this work only for stored XSS?
It's a nice explanation, but for Burp Collaborator you need the professional version that not everyone has, so it's kinda, you know, pointless
Do you sell any course
A web application course will be available in the near future.
@TraceTheCode I want bug bounty
@cryptowise658 I can teach you
And if the victim is just a user, not an admin?
When an attacker gets the user/pass of a victim user, they can take over the account regardless of the victim's privileges. If the victim is an admin, this can lead to full compromise of the web application data and functions.
@TraceTheCode damn. This is insane. THANK YOU for your answer and good video by the way.
Please, if you can, make one teaching how to be protected against BeEF, the Kali Linux tool
My Pleasure!
Title is a bit wild..