sure😅

😅

At this stage it's an html injection so no boundy. Still testing on the end point to find loop holes in the sanitization. This almost worked <<script>script>alert(1)&lt;/script> but script tag is actually properly html encoded. Most of the event handlers like onclick, onerror, onmouseover etc.. are properly sanitized. But still attributes like <a>, <img> can be injected so there might be a loop hole still, targeting the end point.

kzbin.info/aero/PL2K366VwU2XEjLQf7er_dBYgUDA-gyqSb

@@adithyakrishna_v bug bounty malayalathil cheyo real world

No at this stage it's an html injection. Still testing on the end point to find loop holes in the sanitization. This almost worked <<script>script>alert(1)&lt;/script> but script tag is actually properly html encoded. Most of the event handlers like onclick, onerror, onmouseover etc.. are properly sanitized. But still attributes like <a>, <img> can be injected so there might be a loop hole still, targeting the end point.

Let me explain: XSS (Cross-Site Scripting) allows attackers to inject malicious scripts into web pages viewed by other users. In this case, I was able to inject a complete <a> tag along with its attributes, including an unsanitized target attribute, which was not properly filtered. It should have been considered as text. This is my payload: <a target='alert(1)' href='subdoain1.prtswigger-labs.net/xss/xss.php?context=js_string_single&x=%27;eval(name)//'>bug</a> This payload demonstrates a combination attack rather than a direct XSS attack. The primary attack vector here is the misuse of the target attribute, which the application did not properly sanitize. This method reveals a potential vulnerability in handling the target attribute. Regular users can be tricked into following the link to an external site, exploiting the credibility of a legitimate site like Udemy to execute the attack. Ideally, a site like Udemy should not have a vulnerability like this. The goal was to highlight the issues in Udemy's input sanitization, demonstrate how it could be bypassed, and identify the type of sanitization used by a particular website. However, I acknowledge that a more direct approach would have been more effective in emphasizing the XSS vulnerability. Thank you for your feedback, and I am committed to improving my methods.

same thinking bhai :)

😅

Let me explain: XSS (Cross-Site Scripting) allows attackers to inject malicious scripts into web pages viewed by other users. In this case, I was able to inject a complete <a> tag along with its attributes, including an unsanitized target attribute, which was not properly filtered. It should have been considered as text. This is my payload: <a target='alert(1)' href='subdoain1.prtswigger-labs.net/xs s/xss.php?context=js_string_single&x=%27;eval(name)//'>bug</a> This payload demonstrates a combination attack rather than a direct XSS attack. The primary attack vector here is the misuse of the target attribute, which the application did not properly sanitize. This method reveals a potential vulnerability in handling the target attribute. Regular users can be tricked into following the link to an external site, exploiting the credibility of a legitimate site like Udemy to execute the attack. Ideally, a site like Udemy should not have a vulnerability like this. The goal was to highlight the issues in Udemy's input sanitization, demonstrate how it could be bypassed, and identify the type of sanitization used by a particular website. However, I acknowledge that a more direct approach would have been more effective in emphasizing the XSS vulnerability. Thank you for your feedback, and I am committed to improving my methods.

@@adithyakrishna_v This type. Called self xss.. If you increase the impact then this could be valid. Your payload got fired another domain.

@@abdulx01 Let me explain: It is an indirect or Cross-Context XSS and not Self-XSS . Cross-Context XSS involves using a trusted site (Udemy) to inject a payload that redirects and executes on another site. The primary vulnerability here is the lack of proper attribute sanitization by Udemy, allowing the crafting of such a payload. In self-XSS attacker tricks the user into executing malicious scripts in their own browser. Typically, this involves convincing the user to paste malicious code into the browser’s console or into a form on a trusted website.

@@adithyakrishna_v chat gpt to thik se use kar le bhai

lea - address, mov - value So in the above case, lea rax, [rbp+s] ; effective address of the memory location [rbp + s] loaded into the register rax. mov rdi, rax ; moves the value in the register rax into the register rdi rbp + var_40 : rbp is the base pointer, var_40 is an offset, a constant value. if rbp is currently pointing to the address 0x7FFFFFFF0000 and var_40 is 0x10, the effective address would be: 0x7FFFFFFF0000+0x10=0x7FFFFFFF0010 So in 'mov [rbp+var_40], eax' moves the value in the register eax into the memory location [rbp + var_40] ' mov eax, [rbp+var_44]' the register eax will contain the value located at the address rbp + var_44.

Athe

Sure

There are many apps available online and offline. You can even use AI voice-over

Sure

Always right👍

Thank you

Streamlabs