This video is amazing! The have to build it to break it approach is perfect. Keep these videos coming. I'm surprised this doesn't have many views (which i'm guessing will change in the near future).
I'm so glad it's helpful!! I will definitely be doing more of these in the future, and I'm going to keep switching up the language so we get a chance to see a variety of different web applications and frameworks. I'm actually working on Server-Side Template Injection (SSTI) for Flask right now! We will build a Flask app with a SQL connection, full authentication and Roll-Based Access Control (RBAC). After walking through actually finding the vuln, I'll show how to weaponize it to compromise the application and the server it's hosted on, and correlate each of those demonstrations with a Hactivity report or lab. I'm very excited about the new format! It's hopefully taking some of the best aspects of my different videos.
Would it be possible to inject, and say replace the html code tags 'h1' that already exist, with 'script'? So you will end up having Welcome ${name} instead of .... Or is this methode not available like in the html code?
As i read your channel description i was a bit surprised how experienced you are seen your this video awesome exactly the man which is being described in channel description. Thanks bro for sharing such an amazing content. If you feel free i would like to pick your brain 🧠 some day and record a video 📷 to learn about your hacking journey 😊. Thanks again Regards Ilyas
Man i need help? In target 🎯 when i inject my payload into the javascript alert pop up 🔝 i tested this with different browsers and OS work all same. But when I inject the payload straight in the url of the target 🎯 its block me from doing that! Like i wanna confirm to validity of this vulnerability what should i do or that it self tells me it’s vulnerable to XSS and i should report it? Can’t wait to get ur advice and answer ❤
The process is the same, your goal is to be able to write to the DOM in some way. You need to find user-controlled input that is reflected in the server's response. Then, if possible, you need to find a payload that will allow you to write valid HTML elements to the DOM. Finally, you can injection JavaScript. My next video will be on Client-side Injection Testing and should help a lot!
It's very random and inconsistent. I've made over $15k in a weekend, but I've also spent months testing an app and got nothing. I always say bug bounty hunting is like an Easter Egg Hunt, which is appropriate considering the time I'm posing this, haha! It's not a penetration test, there is a huge amount of luck required in bug bounty hunting to find the vulnerable applications before other researchers do. You can expand your technical skills and build automation to improve your chances, but ultimately there's still a great deal of luck involved. Bug Bounty Hunting is a fantastic way to earn a bit of money while you learn offensive security concepts, but it's not a great choice if you are looking for consistent income.
Taylor Swift. Hehe. I listen to her sometimes, but usually just when someone else is already playing her. Her long-term music producer, and one of her bodyguards, are fellow Jewish people (I'm mixed, from America, but I live abroad).
Thank you so much for such a great contents it really helps. Sometimes the payload rejected as a string on the page like 'Hi' how does that filtering works, can it be really byepass, i encountered several of this type of filter
Thank you!! It all depends on how the application is sanitizing the input. I'm working on a new video on client-side injections that should help a lot, but as a general rule you will need to bypass one or more of these compensating controls: 1. Cookie Flags 6. Browser Security Headers 2. Content Security Policy (CSP) 3. Web Application Firewall (WAF) 4. Client-Side Validation 5. Server-Side Validation 7. Output Encoding
![[Part I] Bug Bounty Hunting for IDORs and Access Control Violations](/img/n.gif)
I'm in burnout period man, and I just love seeing your videos, keep up the great work, you are the best, for me
I'm so glad it's helpful!
thx for this awesome lesson. It's a greate idea to combine webdev process with bug bounty.
This is awesome. Cant wait for more like it.
Thank you! I'm working on a similar video, now, for Command Injection and Code Injection :)
MIND BLOWN. Really appreciate the way you made this video.
I appreciate all your knowledge. I'm trying dang hard to learn as much as possible, your videos are amazing!
Thank you so much!
Brooo Hats off man .....Hats Off...🎩
Please make more videos like this and on other vulnerability as welll❤❤❤❤
Pls make video on how you find xss from start. In love vdp targets
youre making great vids man
Great video man. Please make this a xss series and include bypass URL encoding and WAF and other xss complicated stuff
This video is amazing! The have to build it to break it approach is perfect. Keep these videos coming. I'm surprised this doesn't have many views (which i'm guessing will change in the near future).
I'm so glad it's helpful!! I will definitely be doing more of these in the future, and I'm going to keep switching up the language so we get a chance to see a variety of different web applications and frameworks.
I'm actually working on Server-Side Template Injection (SSTI) for Flask right now! We will build a Flask app with a SQL connection, full authentication and Roll-Based Access Control (RBAC). After walking through actually finding the vuln, I'll show how to weaponize it to compromise the application and the server it's hosted on, and correlate each of those demonstrations with a Hactivity report or lab.
I'm very excited about the new format! It's hopefully taking some of the best aspects of my different videos.
@@rs0n_live oh. I’m definitely watching that one. Can’t wait!
I am really hoping to find that first one and i watch ur videos , appreciate you a lot bro .
thanks a lot!!
Would it be possible to inject, and say replace the html code tags 'h1' that already exist, with 'script'? So you will end up having Welcome ${name} instead of .... Or is this methode not available like in the html code?
Haha. It would help the algorithm, indeed.
Haha, thank you!!!
Love the videos man ❤
As i read your channel description i was a bit surprised how experienced you are seen your this video awesome exactly the man which is being described in channel description.
Thanks bro for sharing such an amazing content. If you feel free i would like to pick your brain 🧠 some day and record a video 📷 to learn about your hacking journey 😊.
Thanks again
Regards
Ilyas
Rs Excellent explanation brother ❤ Don't delay in continuing WAP test explanations
Ur brother from Tunisia
Thank you!!
Very thorough, and helpful video! Thanks, bro bro!
Thank you rs i like watch your videos im my burnout period ❤️
same here im in burnout but i must wach him tho 😅
@@mohmino4532 haha good luck bro
@@abdonito8254 u too ❤🏃♂️
Haha, I'm so glad it's helpful! I can empathize with the burnout, too, hahaha. I'm sure we all can
Man i need help? In target 🎯 when i inject my payload into the javascript alert pop up 🔝 i tested this with different browsers and OS work all same. But when I inject the payload straight in the url of the target 🎯 its block me from doing that! Like i wanna confirm to validity of this vulnerability what should i do or that it self tells me it’s vulnerable to XSS and i should report it? Can’t wait to get ur advice and answer ❤
I respect the matrix
Can how to find xss in application/json contentype
The process is the same, your goal is to be able to write to the DOM in some way. You need to find user-controlled input that is reflected in the server's response. Then, if possible, you need to find a payload that will allow you to write valid HTML elements to the DOM. Finally, you can injection JavaScript. My next video will be on Client-side Injection Testing and should help a lot!
Great video! Thank you for your efforts! I hope you will succeed!
Is there a way to bypass the encoding of quotation marks in "?
Damn this was a great vid,especially for me that just started learning about web app testing!!
I'm so glad it's helpful!
Thank you arson. This helps a lot.
simply Great Video Arson :)
Can you share your methodology how get dom xss
how often do you find bugs in bug bounty programs?
It's very random and inconsistent. I've made over $15k in a weekend, but I've also spent months testing an app and got nothing. I always say bug bounty hunting is like an Easter Egg Hunt, which is appropriate considering the time I'm posing this, haha! It's not a penetration test, there is a huge amount of luck required in bug bounty hunting to find the vulnerable applications before other researchers do. You can expand your technical skills and build automation to improve your chances, but ultimately there's still a great deal of luck involved. Bug Bounty Hunting is a fantastic way to earn a bit of money while you learn offensive security concepts, but it's not a great choice if you are looking for consistent income.
Great video!
Thanks for the great video
amazing video
upload more like this
The best!
Great stuff
Learning how to weaponise stuff more is great to not be phased by PoC.
Taylor Swift. Hehe. I listen to her sometimes, but usually just when someone else is already playing her. Her long-term music producer, and one of her bodyguards, are fellow Jewish people (I'm mixed, from America, but I live abroad).
nice!
Got a better view of xss
good stuff
Love From Pakistan
But still you can bypass < " '
anyone can help me bypass akami waf :( ? & Thank you sir we miss live videos alot
nice
Thank you so much for such a great contents it really helps.
Sometimes the payload rejected as a string on the page like 'Hi' how does that filtering works, can it be really byepass, i encountered several of this type of filter
Thank you!! It all depends on how the application is sanitizing the input. I'm working on a new video on client-side injections that should help a lot, but as a general rule you will need to bypass one or more of these compensating controls:
1. Cookie Flags
6. Browser Security Headers
2. Content Security Policy (CSP)
3. Web Application Firewall (WAF)
4. Client-Side Validation
5. Server-Side Validation
7. Output Encoding
Great content , I hope you hit 100k subscriber soon , also i hope to make a collaboration if that is possible