Welcome to the comment section! First, thanks for watching! Make sure you are subscribed if you liked the video! ua-cam.com/users/BugBountyReportsExplained Follow me on twitter: twitter.com/gregxsunday ✉️ Sign up for the mailing list ✉️ mailing.bugbountyexplained.com/ ☕️ Support my channel ☕️ www.buymeacoffee.com/bountyexplained 🖥 Get $100 in credits for Digital Ocean 🖥 m.do.co/c/cc700f81d215
Usually, you see at the first sight which response comes from WAF, as it usually has "Blocked by WAF" message or similar. In this case, the filter didn't cause 403 status, but it was standard 200 OK, but some parts from the user input were deleted.
Bro i cant find the browser extension that u use at min 7:14. Its available for firefox? Could u tell me the extension name? P. D: Thanks for your videos, u are so good!
@@BugBountyReportsExplained if we look at burp suite, there's an option to replace the response header which is the xss protection right? how do you do the PoC since the burp option only aaffect our browser. is that even make sense?
Great video, thanks for outlining all the steps! Am I wrong or html encoding HTML special characters on the waf or application side would have been enough to prevent the exploit?
Can someone explain to me how a hacker uses this scenario to do something malecious in the end? It showed an alert so would it have been possible to also inject some other code which does other things? Thank you
Showing an alert box is an indicator that attacker was able to run javascript. Of course, alert is not malicious but being able to run javascript is. by running javascript, you can do a ton of things (basically everything that the frontend application would do) and some common techniques are to send the "victim's" cookie to an attacker, extract other information from the application and send it to the attackers, etc. xss is a client-side attack meaning that all those attacks are done towards another user by sending a malicious link to the "victim" if we are talking about a reflected xss or mass-targeting a lot of users that visit a specific page when we are talking about stored xss. the sky is the limit if your application suffers from xss.
i'd go for: 1) python or other scripting language where you will be able to write some scripts if you need 2) write some web applications to understand the developer side of things 3) some knowledge about bash or equivalent
How can someone became a Pro bug hunter ? Why very few bug hunter are successful in a long run ? What can be done , what should be learning continuously to stay ahead?
well, that is a good question, but you should ask profession bounty hunters. I'm mainly a pentester and that's why I understand all this stuff, but Im not really actively doing bug bounties since I've started the YT channel.
Welcome to the comment section!
First, thanks for watching!
Make sure you are subscribed if you liked the video!
ua-cam.com/users/BugBountyReportsExplained
Follow me on twitter:
twitter.com/gregxsunday
✉️ Sign up for the mailing list ✉️
mailing.bugbountyexplained.com/
☕️ Support my channel ☕️
www.buymeacoffee.com/bountyexplained
🖥 Get $100 in credits for Digital Ocean 🖥
m.do.co/c/cc700f81d215
Respect for the explainer and researchers!
What a great explanation. Subscribed already..
Thank you for sharing.
thank you for watching!
All videos of this channel are awesome and very informative
Thank you so much 😀
Awesome bro, nice explaination , even I stuck with waf bypass
it seems like a really tough one so nothing to be ashamed of mate!
Very useful, good explanation. Plz post more
Wow this 4 bypass was amazing even I never understand😉 simply super
yeah, amazing!
Once I found a xss in Google forms, in that I bypassed three filters....a waf and two CSP's
congrats mate!
Great video.Is 403 status always comes from the waf..so we would know waf is blocking us not the filters!?
Usually, you see at the first sight which response comes from WAF, as it usually has "Blocked by WAF" message or similar. In this case, the filter didn't cause 403 status, but it was standard 200 OK, but some parts from the user input were deleted.
Thanks for the explanation bro 👍
thanks for watching bro 👊
your videos are always Awesome! keep it up
thank you mate! 👊
Very informative, keep doing, continue, thanks
Im very happy you think so!
Bro i cant find the browser extension that u use at min 7:14. Its available for firefox? Could u tell me the extension name?
P. D: Thanks for your videos, u are so good!
its hackbar
What most surprised me is the fact of these guys remember action script and think about to use it to exploit the vulnerability
Could you please make a video on web pentesting using devtools
I described a part of my Devtools workflow in "BYPASSING CLIENT-SIDE XSS FILTERS" that's in BBRE Premium archive ;)
Cool! So we can bypas waf w/ various payload, but how about x-xss-protection=1 can we bypass it?
it's meaningless now. Is was there only for browser xss filter like chrome auditor. Auditor is no longer in modern versions of chrome.
@@BugBountyReportsExplained if we look at burp suite, there's an option to replace the response header which is the xss protection right? how do you do the PoC since the burp option only aaffect our browser. is that even make sense?
Great video, thanks for outlining all the steps! Am I wrong or html encoding HTML special characters on the waf or application side would have been enough to prevent the exploit?
you should make poc without any match&replace rules in burp so your POC is representative of a real attack
@Alessandro you not wrong, HTML encoding is simple, yet unbypassable way of mitigating XSS attacks
Great job buddy :)
thank you buddy
Keep with the good work up!
thanks bro I will!
xss seems like a vast ocean highly dependent on the individual program and its filters.
indeed! there are tons of different vectors and bypasses
Can someone explain to me how a hacker uses this scenario to do something malecious in the end? It showed an alert so would it have been possible to also inject some other code which does other things? Thank you
Showing an alert box is an indicator that attacker was able to run javascript. Of course, alert is not malicious but being able to run javascript is. by running javascript, you can do a ton of things (basically everything that the frontend application would do) and some common techniques are to send the "victim's" cookie to an attacker, extract other information from the application and send it to the attackers, etc. xss is a client-side attack meaning that all those attacks are done towards another user by sending a malicious link to the "victim" if we are talking about a reflected xss or mass-targeting a lot of users that visit a specific page when we are talking about stored xss. the sky is the limit if your application suffers from xss.
As Yakushi responded, you can do whatever the victim can do on an attacked website and read all data that the victim can read.
Thank you!
👌
John cina?
How to bypass html encoding? do a video on that
You can't.
thank you
thanks for watching!
Legendary exploit, legendary explanation
legendary comment
Which of the extension you are using in browser
i think the one visible on the screenshot is hackbar for firefox
@@BugBountyReportsExplained thanks dude
Great! Awesome!
👌
Superb
👌
Do share Poc video
Sorry but what's your country it's looks like Russia or Algeria
Poland
@@BugBountyReportsExplained ok bro cool
@@BugBountyReportsExplained tego sie nie spodziewałem. Pracujesz jako pentester na etacie czy zajmujesz się profesjonalnie bug bounty?
Please tell me what programming languages to learn to be an ethical hacker or pentester
i'd go for:
1) python or other scripting language where you will be able to write some scripts if you need
2) write some web applications to understand the developer side of things
3) some knowledge about bash or equivalent
How can someone became a Pro bug hunter ?
Why very few bug hunter are successful in a long run ?
What can be done , what should be learning continuously to stay ahead?
well, that is a good question, but you should ask profession bounty hunters. I'm mainly a pentester and that's why I understand all this stuff, but Im not really actively doing bug bounties since I've started the YT channel.
@Oliver
Yes ,
But how ?
What is the Right pathway ?
Cool !!!!
👊
Sir work in demo Please 🙏🙏🙏🙏
what is demo?
@@BugBountyReportsExplained i mean work in website
"That gets triggered"
Yea, it propably got really angry, maybe even triggered...
_bottomtext_
TRIGGERED
Pozdro :) !
siema!
❤️
😊😊
Love the accent btw
thank you buddy 😊
Mission Impossible 😄
it definately looked like the end. That's what I like about this report the most!
At least add English subtitles for all videos
There are english subtitles for this video and for most of them