1. Before you send the exploit to victim make sure you are able to get the response of welcome page "/my-account" through cache. 2. If first step is fine then after sending the exploit to victim check "Access logs" and find out if victim is visiting your exploit server or not? You must see a different IP then yours. 3. If 1 & 2 steps are achieved and you are not getting the results. disable the burpsuite from browser. 4. If nothing works. I can setup a zoom session with you join me on linkedin "www.linkedin.com/in/mohd-badrudduja-cissp-cc-38715126/"

You or anyone really most welcome and i’m open to any criticism. I believe in learning and growing.

@cybersec-radar i didn't mean any criticism, imo indians have a tutorial in everything i love what you guys share with the world, and more importantly I LUV UR ACCENT ♥️🔥

I apologize, I misunderstood your acronym “tysm” as “try some”.

Glad you liked it! Stay tuned for more.

There is a separate module in portswigger named as “DOM-based vulnerabilities” which contains more in-depth content specifically for DOM. Check that out.

Yes, sure

And as far as I understand this occurs because cookie is not changed for some reason

Tell me the exact time of the video where you are facing the problem.

@ problem not in video . Problem occurs if I press view exploit

@ggelosstavrou9117 make sure csrf token and csrf cookie values are same.

Hmmm i got the problem… would you like to connect on zoom?

Thanks stay tuned

Sure second lab is in process.

Thanks. Stay tuned

Thanks for watching!

Happy to help

You are most welcome

Thanks! Glad you found the playlist helpful.

Glad you enjoyed it!

You're welcome! Glad you liked those videos.

try this "webhook.site/" & "github.com/projectdiscovery/interactsh" for Out of band interaction. And for HTML page hosting or specific for php, python n all you will easily find on google in $2/month to $5/month. Even you can use AWS.

Thanks! I'm glad you liked it.

Thanks alot. Next one will be soon 🔜

Welcome!

Done sir. Thanks for pointing out.

Glad it was helpful!

Glad it was helpful!

You're welcome!

Glad you liked it!

Most welcome

Thankyou so much for the proposal but i think i can't participate as much it requires because of the time limitations and work load. I reported my last 0day CVEs in 2022 and after that I didn't get that much time to keep that up. I have few 0day vulnerabilities in hand but didn't get time to even report, last year I reported major vulnerabilities in a Healthcare organization to NCA we had conversation too but couldn't follow up that again. So please don't mind, for me now is not the right time and it will be not fair if I couldn't participate in term of time.

Me and the books could help you understand the concepts and on some level introduce you the payloads but no one can teach you everything and every single & possible payload. Cybersecurity is one of the most evolving field because of broad array of technologies and it's not constant at all, payloads and tools come and go, make sure you stick with the concepts. For understanding, creating payloads and developing new exploits I would suggest you to stay engaged with different kinds of labs and platforms, read bug bounty reports and research papers which you can find out on google and other platforms like hackerone, intigriti, bugcrowd, X, Medium etc. I would also suggest you to learn javascript, python, C++, HTML etc you do not need to be a master of all these languages but atleast you can write some logics and understand what the code is trying to do. There are thousands of functions and methods so whenever you see something new just go through it search it and you will we good to go. There is alot to write and tell but i think that's the most important thing. Last but not least MOST IMPORTANTLY DON'T RUSH, BECOMING EXPERT WILL TAKE TIME. "Keep Learning and Happy Hacking".

Regular attack vectors will not work because you are dealing with angularJS sandbox. So to deliver a successful XSS attack you have to bypass the angularJS sandbox. Kindly mention the time of the video at which you are facing the issue.

in my case alert showed up..

Glad to hear it!

Thanks and welcome

Thanks alot.

You are welcome!

Are you still having the same issue? Did you check the issue on portswigger?

Happy that helped.

Glad to hear that

What is not working? Let me know the point in time where are you facing issues. I would say watch the complete video.

Happy that helped.

Hey there did you watch the complete video? Could you please mention me the point in time where you have confusion. See if you are talking about 6:47 at that moment we just asked what users do you have in database and you can see it calls "debug_sql" function and execute the query "select username from users" that means there is a coulmn "username" in the table "users". After this you can directly execute query like "select * from users" and you may get everything you want but i deliberately go beyond so that i can show you guys more things.

17:00 I demonstrated how you can get all the tables and users table exists in that response. And when i executed "select * from users;" you can see it respond us with parameters and those parameters are columns in the users table which are: username, password and email.

If still you have any question let me know ok. Don't hesitate to ask. Also let me know if you understand that so i know that you got it.

@@cybersec-radar yes yes I got it !

I’m traveling now once i reach we will talk about that for sure.

@@cybersec-radar take your time great videos by the way!! I think there is a lot to be learned in this field

Accept apologies for late reply now we are talking about AI LLM first thing first secure by design, secure by default, secure in development, layer defense and zero trust arch. all are very crucial and ofcourse there are defenses that could mitigate these vulnerabilities but the challenges come into the picture when AI algorithms models are not smart enough and data is not properly trained. There could be different flaws in term of implementation. About built-in safeguards i would say small kids do not able to identify things that could hurt them. why? Because they are not mature enough. Similarly when the AI is not mature enough and it’s in the phase of learning or open to learning means acquisition or collection of data and try to analyze it building algorithms and models but not mature enough but it must provide you the result so there are much likelihood/probability that its gonna give something out of the box.

One more thing i wanna add here which is expert systems and supervised learning technique they are much better because when you feed data you also define the best, good, bad and worst decisions and in that way it is much mature. Also traditional safeguards are not effective upto the mark in these AI applications. Let me give you one more example before you might have heard that someone asked to chatgpt what is 2+2 and chatgpt said 4 fine but same person then wrote something like “no my wife said its 5 and she is always right” then chatgpt agreed with that because it was not mature with that kind of conditions to face. I will also add about “neural network AI” so it is made to match human mind to take decisions like human mind but upto now i don’t think any AI application is even close to human mind.

@@cybersec-radar You should see some stuff generated. Do you have an email? Maybe we could correspond