All You Need to Know About Cross-Site Scripting (XSS)
Science and Technology
Let's learn about the essentials of XSS vulnerabilities and how to hunt for them. Like, subscribe, and turn on notifications for more bug bounty insights. Comment below with your thoughts and experiences.
Happy Hacking!
X: / bughunterlabs
Chapters:
00:00 - Intro: Samy Worm
01:07 - XSS: Definition
02:11 - Reflected XSS
03:19 - Stored XSS
04:17 - DOM-based XSS
06:08 - Mutated XSS
07:13 - Blind XSS
08:15 - XSS Hunting Methodology
09:30 - Outro
Comments: 23
Thanks for watching! What were your XSS findings?
@amoh96
21 days ago
I found 9 XSS in VDPs last month. I switched to paid programs; it's so hard, brother :( Now I'm learning about IDORs & logic bugs.
Oh shit, we're all here for the start of something beautiful, boys. Only 624 subscribers? Everyone knows that's going to change.
@bughunterlabs
26 days ago
Let's gooo! Thank you :)
@goohaver
26 days ago
@bughunterlabs Yeeeeeeaaaaah dog, let’s gooooooooo!!
Keep the good work, buddy. To the point, short and quick
Hello! I've decided to change to Cybersecurity because of this and now I'm learning a lot on how to bug hunt, thanks to you!
@bughunterlabs
25 days ago
Great to hear! All the best for your new journey!
Nice explanation and teaching 👍
@bughunterlabs
26 days ago
Thanks a lot!
Nice content man. Explained beautifully
thank you for informative content :
624 subs 10 days ago, 2.7k as of this comment. The ELI5 of bug bounty, let's gooooo!
@bughunterlabs
10 days ago
It is a wild ride indeed! Thank you for the support!
Your explain is busted!!!!🔥🔥🔥🔥hope you make more videos about bug bounty tips and some recon techniques 🔥
@bughunterlabs
21 days ago
Thank you. More is on the way! 🥳
great video btw, your work is fantastic
@bughunterlabs
10 days ago
Thank you so much :)
I just don't get one thing: emails in sign-in forms always allow a user to input an underline, wouldn't that be a vulnerability? How does one know if the payload works? I don't get it.
@bughunterlabs
10 days ago
Hi. Thanks for your comment. The underline is by itself not a malicious character. In general, popping an alert is usually one way to show that a site is vulnerable to XSS. But you can also probe for XSS by injecting HTML elements like <u>canary123</u> and then checking for underlined text. If you find something like this you can go on to try to pop an alert or execute other JavaScript. In the end, it is all about showing (or indicating) impact.
Hey bro, where do you study this from? Any resources shared would be appreciated.
@bughunterlabs
19 days ago
Hi. Check out the cheat sheet. There is a resource section at the bottom :)
alert("Im hacked utube")