Mate i have question if you have good knowledge in security domain why you are working as developer tho ?
@user-zm6ld2qq8p5 сағат бұрын
Bro that's nice explanation Can. You make more videos on how to find other vulnerability too your approach on real bug bounty target
@mineter78877 сағат бұрын
why? i just wanted to inform you
@user-iy6wj3rh3p7 сағат бұрын
🎉
@sojujaimon98477 сағат бұрын
🎉🎉
@sairavuri55852 күн бұрын
How much bounty gain ?
@naveen10012 күн бұрын
Bro that was no real XSS
@dummy94223 күн бұрын
Video is pretty good. But can you please stop saying "see" so frequently. It's little bit irritating
@adithyakrishna_v10 сағат бұрын
sure😅
@nadhilan21874 күн бұрын
nice do more videos.add more tips while hunting
@vincenzonocerino4 күн бұрын
can you help me please with an easy file exe?
@1hehaq5 күн бұрын
polayadi mone 😌🤍
@Snso1i6 күн бұрын
Lowdey start from Basic
@anirudhe_s2026 күн бұрын
nine suresh gopi kondu povum😅 nice video
@adithyakrishna_v5 күн бұрын
😅
@infhhbv6 күн бұрын
Bro can you share, where you have submitted and how was bounty for same?
@adithyakrishna_v5 күн бұрын
At this stage it's an html injection so no boundy. Still testing on the end point to find loop holes in the sanitization. This almost worked <<script>script>alert(1)</script> but script tag is actually properly html encoded. Most of the event handlers like onclick, onerror, onmouseover etc.. are properly sanitized. But still attributes like <a>, <img> can be injected so there might be a loop hole still, targeting the end point.
@@adithyakrishna_v bug bounty malayalathil cheyo real world
@rangila238 күн бұрын
u wont get xss on main site.. u should try every parameter u see or try fetch some hidden parameter..than only u can.. but still everyone hunting on it so bigger chance u get dup
@z-root89558 күн бұрын
Bruuh come on 😂 xss on portswigger
@rashidyaseen62709 күн бұрын
So did you earnt something for this
@adithyakrishna_v8 күн бұрын
No at this stage it's an html injection. Still testing on the end point to find loop holes in the sanitization. This almost worked <<script>script>alert(1)</script> but script tag is actually properly html encoded. Most of the event handlers like onclick, onerror, onmouseover etc.. are properly sanitized. But still attributes like <a>, <img> can be injected so there might be a loop hole still, targeting the end point.
@abdulx0110 күн бұрын
Firstly I was totally sock to see your xss on udyme. 😅 Bro first you need learn xss to teach us. Noob boi 😅
@adithyakrishna_v10 күн бұрын
Let me explain: XSS (Cross-Site Scripting) allows attackers to inject malicious scripts into web pages viewed by other users. In this case, I was able to inject a complete <a> tag along with its attributes, including an unsanitized target attribute, which was not properly filtered. It should have been considered as text. This is my payload: <a target='alert(1)' href='subdoain1.prtswigger-labs.net/xss/xss.php?context=js_string_single&x=%27;eval(name)//'>bug</a> This payload demonstrates a combination attack rather than a direct XSS attack. The primary attack vector here is the misuse of the target attribute, which the application did not properly sanitize. This method reveals a potential vulnerability in handling the target attribute. Regular users can be tricked into following the link to an external site, exploiting the credibility of a legitimate site like Udemy to execute the attack. Ideally, a site like Udemy should not have a vulnerability like this. The goal was to highlight the issues in Udemy's input sanitization, demonstrate how it could be bypassed, and identify the type of sanitization used by a particular website. However, I acknowledge that a more direct approach would have been more effective in emphasizing the XSS vulnerability. Thank you for your feedback, and I am committed to improving my methods.
@krrishogx8 күн бұрын
same thinking bhai :)
@it070vijaysingh210 күн бұрын
Xss portswigger lab ka h 😂😂, pag al mt bnaoo logo ko
@abdulx0110 күн бұрын
😅
@adithyakrishna_v10 күн бұрын
Let me explain: XSS (Cross-Site Scripting) allows attackers to inject malicious scripts into web pages viewed by other users. In this case, I was able to inject a complete <a> tag along with its attributes, including an unsanitized target attribute, which was not properly filtered. It should have been considered as text. This is my payload: <a target='alert(1)' href='subdoain1.prtswigger-labs.net/xs s/xss.php?context=js_string_single&x=%27;eval(name)//'>bug</a> This payload demonstrates a combination attack rather than a direct XSS attack. The primary attack vector here is the misuse of the target attribute, which the application did not properly sanitize. This method reveals a potential vulnerability in handling the target attribute. Regular users can be tricked into following the link to an external site, exploiting the credibility of a legitimate site like Udemy to execute the attack. Ideally, a site like Udemy should not have a vulnerability like this. The goal was to highlight the issues in Udemy's input sanitization, demonstrate how it could be bypassed, and identify the type of sanitization used by a particular website. However, I acknowledge that a more direct approach would have been more effective in emphasizing the XSS vulnerability. Thank you for your feedback, and I am committed to improving my methods.
@abdulx0110 күн бұрын
@@adithyakrishna_v This type. Called self xss.. If you increase the impact then this could be valid. Your payload got fired another domain.
@adithyakrishna_v10 күн бұрын
@@abdulx01 Let me explain: It is an indirect or Cross-Context XSS and not Self-XSS . Cross-Context XSS involves using a trusted site (Udemy) to inject a payload that redirects and executes on another site. The primary vulnerability here is the lack of proper attribute sanitization by Udemy, allowing the crafting of such a payload. In self-XSS attacker tricks the user into executing malicious scripts in their own browser. Typically, this involves convincing the user to paste malicious code into the browser’s console or into a form on a trusted website.
@The_ancestor_of_Mars_humans8 күн бұрын
@@adithyakrishna_v chat gpt to thik se use kar le bhai
@bugbouty10 күн бұрын
bro make a video about how to use sqlmap tamper scripts for bypass waf
@sojujaimon984711 күн бұрын
Avasam face kanikkane thodangiyalle nalla kariyam English Velliya problem Ella Keep going🎉🎉🎉
@DeborahGPetenАй бұрын
Genius Sir. I would like to you mentor me in my journey. You have a brilliant mind. Please I would be grateful being your mentee
@sojujaimon98472 ай бұрын
Enn Makane
@anandhuorg1774 ай бұрын
✌️✌️
@adityakiddo65544 ай бұрын
how you assumed flag is in static ?
@maxmuster70034 ай бұрын
lea ecx, [msg] ; load offset address into ecx, no memory access mov ecx, OFFSET msg ; load offset address into ecx, no memory accress = same result, but execute from an other part of the CPU mov [rbp+var_44], eax ; write content of eax into memory of the stack-segment ss:rbp+var_44, because of using rbp as an address register, default SS
@jephinjohn16955 ай бұрын
Brilliant!
@23_aruns107 ай бұрын
😊
@anandhuorg1777 ай бұрын
😮
@shadowelite-sec8 ай бұрын
bro ingane vannalo lea rax, [rbp+s] ; rbp+s cheythal kittuna address ano ? mov rdi, rax ; and evide athinte value ano varuka ? also mov [rbp+var_40], eax mov eax, [rbp+var_44] ingane okke vannalo ? please replay
@adithyakrishna_v7 ай бұрын
lea - address, mov - value So in the above case, lea rax, [rbp+s] ; effective address of the memory location [rbp + s] loaded into the register rax. mov rdi, rax ; moves the value in the register rax into the register rdi rbp + var_40 : rbp is the base pointer, var_40 is an offset, a constant value. if rbp is currently pointing to the address 0x7FFFFFFF0000 and var_40 is 0x10, the effective address would be: 0x7FFFFFFF0000+0x10=0x7FFFFFFF0010 So in 'mov [rbp+var_40], eax' moves the value in the register eax into the memory location [rbp + var_40] ' mov eax, [rbp+var_44]' the register eax will contain the value located at the address rbp + var_44.
@shadowelite-sec8 ай бұрын
Hi, bro malayalie alle ?
@adithyakrishna_v7 ай бұрын
Athe
@SirOmarTorres9 ай бұрын
Great video, thanks for showing us.
@thedapperegg68910 ай бұрын
Thank you
@vijithselvakumar632811 ай бұрын
disassembler engane aanu undakkunnath ennethinepatti oru video undakkamo sir
@adithyakrishna_v10 ай бұрын
Sure
@addey-wg3rp11 ай бұрын
How you did the voiceover .?
@adithyakrishna_v11 ай бұрын
There are many apps available online and offline. You can even use AI voice-over
@RichardDonahue-xz8ek11 ай бұрын
Nice video, I regularly use wayback machine as well!