Awesome editing and explanations on this channel, thanks man! Can you please do one about chaining simple attacks like CSRF, open redirects, reflected xss etc to make them higher impact?
@RustysAdventures 19 days ago
I was almost ready to click the link and read that report haha. Anyways, great video as always
@The_reaperBH 22 days ago
Clean explanation!🔥🔥🔥 keep it up🔥🔥🔥
@thechannelofmine 24 days ago
Quality content as always. Please go more in depth in the future. You are already special with your quality and clear explanation; we need explanations like this for critical bug reports disclosed on HackerOne that are complex and advanced, not typical bugs.
@whateveritis0 25 days ago
The cheat sheet is really helpful,❤
@l00pzwastaken 26 days ago
Haha, as always a good video. I see an update in the editing too, nice 👍
@anonraxor317 26 days ago
cheat sheet link not working' or '1'='1--
@bughunterlabs 26 days ago
Hi. It seems to work for me? Did you try: bit.ly/sqli_cheat_sheet
@anonraxor317 26 days ago
@@bughunterlabs This content does not exist
@geniusesml3700 27 days ago
As always GREAT, keep up the good work. Waiting for more videos and bugs.
@qui1141 27 days ago
great videos, keep it up!!! 🤗
@bughunterlabs 26 days ago
Thank you!! 😁
@mnageh-bo1mm 27 days ago
CSRF is no longer a thing since 2021 🙄🙄🙄🙄
@bughunterlabs 26 days ago
Thanks for your comment! While it's true that modern security measures like SameSite cookies have made CSRF attacks more difficult, they haven't eliminated the threat entirely. Some applications still have vulnerabilities due to misconfigurations or legacy systems. That's why bug bounty hunters need to stay informed. Appreciate your input!
@cryptikbyte 27 days ago
Bro what's up??
@bughunterlabs 26 days ago
Not much! What's up? Learning more about CSRF :)
@cryptikbyte 26 days ago
@@bughunterlabs Can you recommend some books?
@umniways 1 month ago
Keep the good work, buddy. To the point, short and quick
@ForexStoryteller 1 month ago
Soooooo, in all these videos I'm watching, the core idea is this: if it exists in a connection on the internet, your job is to find a way to "manipulate" or even take over it, in a nutshell. So if you can't copy, you find a way to be able to, for example. How doesn't matter, just make sure to alert the company and not continue to manipulate it, that's the difference between good and evil? And that's all the job description really is?
@bughunterlabs 1 month ago
Hi, thanks for your comment! Bug bounty platforms are a bit different from what you described: bug bounty platforms connect companies with ethical hackers who look for security vulnerabilities in their systems. These hackers, often called "bug bounty hunters," are rewarded for identifying and responsibly disclosing bugs or security issues. The goal is to help companies fix vulnerabilities before malicious hackers can exploit them. But it does not always have to be a company/target on a bug bounty platform. There are programs not tied to any platform (for example, Apple, Google, Meta). You can have a look at security.txt. It is a proposed standard for websites to provide information on their security policies and how to report security issues. It helps ethical hackers know who to contact and how to report vulnerabilities responsibly. In short, ethical hacking is about finding and reporting issues to improve security, not exploiting them. The difference between good and evil lies in the intent and actions taken after discovering a vulnerability. Tread lightly and stay ethical ;)
@touhidulshawan 1 month ago
Struggling to find programs to find BAC bugs :(
@bughunterlabs 1 month ago
Which programs have you looked into so far?
@touhidulshawan 1 month ago
@@bughunterlabs Front, Frontegg, Freshworks from HackerOne and some others from other platforms.
@touhidulshawan 28 days ago
@@bughunterlabs Front, Frontegg, Freshworks from HackerOne and some programs from other platforms.
@Gifted_Sayan 1 month ago
Thanks sir.
@user-zn9oj4vf5q 1 month ago
<script>alert("Im hacked utube")</script>
@confusionofdahighestorda668 1 month ago
Nice video bro
@mtthsgrr 1 month ago
I'll not say this again kid: where are the half an hour/hour long videos? I need this on my table asap otherwise you're fired
@bughunterlabs 1 month ago
Haha. These videos take a long time to make. I will have a look at how I can get to 1 hour.
@mtthsgrr 1 month ago
Great video btw, your work is fantastic.
@bughunterlabs 1 month ago
Thank you so much :)
@mtthsgrr 1 month ago
I just don't get one thing: emails in sign-in forms always allow a user to input an underline, wouldn't that be a vulnerability? How does one know if the payload works? I don't get it.
@bughunterlabs 1 month ago
Hi. Thanks for your comment. The underline is by itself not a malicious character. In general, popping an alert is usually one way to show that a site is vulnerable to XSS. But you can also probe for XSS by injecting HTML elements like <u>canary123</u> and then checking for underlined text. If you find something like this you can go on to try to pop an alert or execute other JavaScript. In the end, it is all about showing (or indicating) impact.
@JonMurray 1 month ago
Great video man. New subscriber ✌🏻
@Flipper201 1 month ago
624 subs 10 days ago, 2.7k as of this comment. The ELI5 of bug bounty, let's gooooo!
@bughunterlabs 1 month ago
It is a wild ride indeed! Thank you for the support!
@tybronx2446 1 month ago
I just recently started studying insects... I got really excited and then really disappointed by this video 😂
@bughunterlabs 1 month ago
The real bug hunter channel is coming soon :P
@the-beagle888 1 month ago
This video is pure gold
@domelessanne6357 1 month ago
Thank you for the informative content.
@thechannelofmine 1 month ago
Such high quality content, keep it up!
@ytg6663 1 month ago
I don't think language matters in tool development. Gone are the days of BackTrack 4 or 5 when most tools used to be bash scripts. 😅
@misero1 1 month ago
Awesome videos you got here, I'm loving the format. Keep up the awesome work. As someone studying cybersec for red team and pentesting purposes, it's a great resource.
@codesplit7175 1 month ago
This is the best YouTube channel.
@QR5-cyber-exp 1 month ago
Great work - very clear and well communicated.
@GOD-jq2dt 1 month ago
Can I connect with you on Twitter?
@bughunterlabs 1 month ago
Yes, go ahead
@TheRealVegapunk 1 month ago
Now does it differ from nmap?
@bughunterlabs 1 month ago
It's faster as far as I know. But it doesn't have the added functionality, like the scripts and other detections.
@TheRealVegapunk 1 month ago
Hey bro, where do you study this from? Any resources shared would be appreciated.
@bughunterlabs 1 month ago
Hi. Check out the cheat sheet. There is a resource section at the bottom :)
@Horo-oe9yu 1 month ago
Coming back to cybersec after a 3 month break, your videos are indeed worth watching. You definitely earned a subscription!
@bughunterlabs 1 month ago
Thanks a lot :)
@Giotheasy 1 month ago
meh sql injection is shitty php code only
@Free.Education786 1 month ago
Please cover Ghauri for time-based blind SQL injection using only an HTTP request with HTTP headers, and without headers using custom headers like X-Forwarded-For or similar private headers. The technique also bypasses WAFs. Hope to see it soon. Thanks 🎉❤
@kanchhasinha 1 month ago
Amazing explanation
@RustysAdventures 1 month ago
Nice content man. Explained beautifully
@CyberCrackSpoil 1 month ago
Clear and understandable, thanks <3
@bughunterlabs 1 month ago
Glad it helped!
@IncomeMenu 1 month ago
Bro, this content is golden. However, I feel like you need to work on the thumbnails.
@bughunterlabs 1 month ago
Thank you. How would you improve the thumbnails?
@arijit1472 1 month ago
Great video with a catchy thumbnail. Keep it up man 👍
@MustafaGains 1 month ago
Great content
@carsonjamesiv2512 1 month ago
COOL!😀😃😎👍
@st3alth_chased643 1 month ago
Yeah, sometimes SQL injection occurs in cookies and User-Agent..
@gauravkesharwani5557 1 month ago
Great Explanation
@bughunterlabs 1 month ago
Glad you liked it
@xcalibur305 1 month ago
Bro dropping off some very useful tips🔥🔥🔥
@bughunterlabs 1 month ago
🔥🔥🔥
@elkhaddariachraf6772 1 month ago
Clear and concise. Thanks
@bughunterlabs 1 month ago
Welcome!
@abhisheksinha9719 1 month ago
Please make a video on SSRF to gain metadata.
@abhisheksinha9719 1 month ago
Best video I ever watched
@firzainsanudzaky3763 1 month ago
Hey man, if I don't have Burp Suite Pro, do you think it's worth more to focus on SQL, SSRF, XSS, or what? I've found IDOR and XSS bugs but XSS is out of scope.
@bughunterlabs 1 month ago
Don't buy Burp Suite Pro until your bounties cover it. There are free tools for everything you need to do out there. Have a look at ZAP and Caido as well. You can even find SQL injection, SSRF and XSS with curl and developer tools :)