I understand that my explanation may not have been adequate for some of our more advance bug hunters and programmers. So, I have added a new video with a more detailed explanation of what is happening and how this bug would be fixed you can watch it here ===> ua-cam.com/video/NfKjZCVBivw/v-deo.html
you are a very realistic channel. in one video you said: "look to the source code on the 'subdomains' of the website. you can find password in html comments."
Have you checked out this video. ua-cam.com/video/do1yINolgEY/v-deo.html I talk a little bit about XSS, and show you how you can "accelerate" the XSS process. But I can definitely go into more detail on getting XSS vulnerability to pop! In a Part 2
This bug would actually be checked by the javascript not the server. In the video I said server. But it would submit a post request because the page.js didn't check the max length. I will post a video in a few hours explaining how it works and show you the javascript that will fix the issue described in this video. Thanks for the comment 😉 It helps me know I should have went into more detail the first time 😁 And you are right if we refresh the page we will get the source code as normal but we can make a post request with the modified html.
Here is the link to an explanation of how the bug works with making a post request to a server and accepting our changed html when not checked by a function 😉 ua-cam.com/video/NfKjZCVBivw/v-deo.html Thanks, for helping me in the future be more clear in my explanations. I will try to get better with each video 😁🤓
what is the name of that bug ? i mean if we talk about owasp top 10, in which category it falls under ? i have come across same bugs but i didnt know how to name that bug and didnt know in which owasp category fall so i didnt report lol
That is a good question. I guess I would label it a business logic error 🤷♂️ This would be a really low classifying bug and a lot of programs won't pay for a bug like this because it has no real negative impact to the application.
I wouldn't classify these examples as html spoofing. In html spoofing, (as I understand it) an attacker injects html onto a web page that is then used in phishing attacks. In these examples we are just changing client side source code to view what the html has hidden from us. However, both are client side attacks
@@yahiakhaled4373 This is a good example of html spoofing or text injection look at the png and you will see how it gets used in phishing attacks hackerone.com/reports/263866
I understand that my explanation may not have been adequate for some of our more advance bug hunters and programmers. So, I have added a new video with a more detailed explanation of what is happening and how this bug would be fixed you can watch it here ===> ua-cam.com/video/NfKjZCVBivw/v-deo.html
you are a very realistic channel. in one video you said: "look to the source code on the 'subdomains' of the website. you can find password in html comments."
Thanks again for sharing the web knowledge. This was an appetizer.... Keep em coming PhD, keep em coming!
Great video, need second part on Javascript bugs like XSS etc
Have you checked out this video.
ua-cam.com/video/do1yINolgEY/v-deo.html
I talk a little bit about XSS, and show you how you can "accelerate" the XSS process. But I can definitely go into more detail on getting XSS vulnerability to pop! In a Part 2
💗💗💗💗💗🔥 excellent contant
❤️❤️
though this video is very basic, it is necessary for beginners
The bugs that you shown does not reflect to the server, when you refresh the page you will get the source code normal.
This bug would actually be checked by the javascript not the server. In the video I said server. But it would submit a post request because the page.js didn't check the max length. I will post a video in a few hours explaining how it works and show you the javascript that will fix the issue described in this video. Thanks for the comment 😉 It helps me know I should have went into more detail the first time 😁
And you are right if we refresh the page we will get the source code as normal but we can make a post request with the modified html.
Here is the link to an explanation of how the bug works with making a post request to a server and accepting our changed html when not checked by a function 😉
ua-cam.com/video/NfKjZCVBivw/v-deo.html
Thanks, for helping me in the future be more clear in my explanations. I will try to get better with each video 😁🤓
what is the name of that bug ? i mean if we talk about owasp top 10, in which category it falls under ? i have come across same bugs but i didnt know how to name that bug and didnt know in which owasp category fall so i didnt report lol
That is a good question. I guess I would label it a business logic error 🤷♂️ This would be a really low classifying bug and a lot of programs won't pay for a bug like this because it has no real negative impact to the application.
@@ryan_phdsec Thanks for reply. now it makes clear to me. 👍❤
I love you
Is these spoof html content bugs???
I wouldn't classify these examples as html spoofing. In html spoofing, (as I understand it) an attacker injects html onto a web page that is then used in phishing attacks. In these examples we are just changing client side source code to view what the html has hidden from us. However, both are client side attacks
@@ryan_phdsec aha i JUST was asking ... so are there any reports from h1 that I can read to know more about it?
@@yahiakhaled4373 This is a good example of html spoofing or text injection look at the png and you will see how it gets used in phishing attacks hackerone.com/reports/263866
Javascript!
❤️❤️