Who Am I ?
1:30
3 months ago
SSRF bypass using DNS rebinding
8:31
Fuzzing with FFUF | Web Fuzzing
14:29
Find secrets with TruffleHog
3:18
10 months ago
Comments
@DeepGopalSaha 4 days ago
This payload also works in django means python framework ig
@georgiostsakoumakis7754 2 days ago
Django doesn't use that syntax, this is ruby on rails
@DevSecHacker 13 hours ago
book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
@musababdelmoneim4842 6 days ago
This vulnerability and can we report it if we find it and also please video for check heroku key
@DevSecHacker 6 days ago
You can report it, but whether you receive a bounty depends on the company's policy. Some companies will offer bounties, while others may not consider it based on their guidelines.
@ferasalfarsi897 9 days ago
Thank you for this video.
@DevSecHacker 9 days ago
Welcome. Stay subscribed to get more videos
@pulkitsrivastava9e-389 10 days ago
Please make a full video once
@DevSecHacker 10 days ago
I have already made it. It's available in the channel. OR here is the link for full video. kzbin.info/www/bejne/eXjEk5hoZsRkapo
@insomaniac8995 17 days ago
Nice explanation 👍🏼
@DevSecHacker 17 days ago
Thanks
@RamaraoInfo 17 days ago
Hi bro, I need your help bro, Can you help me please regarding the pen testing only.
@DevSecHacker 17 days ago
Shoot out an e-mail to [email protected]
@elbrayan_507 19 days ago
Thanks, great video and explanation
@DevSecHacker 19 days ago
Welcome 🤗
@flowersareyellow a month ago
Do you think this tool is good for future career?
@DevSecHacker a month ago
It is good for a career only. Because whatever the tools come into the picture finally a human intelligence should validate the accuracy of threats or findings. The advantage of it is we can make the threat modeling process faster and efficient.
@songsxmashup a month ago
very nice explained simple brother its very simple thanks a lot ya ahhh!
@DevSecHacker a month ago
Thank you
@kirindev a month ago
thank you very much what name of tools ?
@DevSecHacker a month ago
Burpsuite pro
@kirindev a month ago
@DevSecHacker thank you
@binaynayak1720 a month ago
How to edit the Trust zone?
@DevSecHacker a month ago
Right click on trust zone and edit
@souravchakraborty3872 a month ago
Do we need to study DSA for code review round ? or if the interviewer gives a code snippet and requests me to complete the incomplete code so how is the complexity of code in those case like is the code related complex DSA topics or some basic code snippet?
@DevSecHacker a month ago
No need to study DSA. They won't ask. They will give vulnerable code snippets like below. You just need to identify vulnerabilities based on the code. github.com/yeswehack/vulnerable-code-snippets The above one is an example of vulnerable code snippets which are available in github.
@souravchakraborty3872 a month ago
@DevSecHacker ok thanks for the resources, and if they ask us to complete incomplete code then it would be a basic code like the one you gave on GitHub right?
@DevSecHacker a month ago
In general they won't ask us to complete the incomplete code. Since they will only check the understanding levels of code and how we are able to identify the vulnerabilities in it. Secure code review capabilities they will check since we need to do secure code review as a one of the responsibility in day to day work.
@newuser2474 a month ago
Nice video but voice is not clear
@DevSecHacker a month ago
Thanks for the comment. I will change the voice setting next time
@cutehack99yt. 2 months ago
Voice not clear brother I recommend to adjust it
@DevSecHacker 2 months ago
Sure. Thanks
@cutehack99yt. 2 months ago
Nice
@DevSecHacker 2 months ago
Thanks
@sybex200 2 months ago
fdfdf
@sybex200 2 months ago
Let's say I just finished my pentest exam, and I have taken 60 screenshots. Can you explain how to implement them, and what do I have to modify in the report, to be related to what I found during the exam? Any other explanations are welcome. I am a beginner, and I still don't know how to make a pentest report, after finishing a penetration testing exam. Thank you.
@DevSecHacker 2 months ago
Ok
@sybex200 2 months ago
@DevSecHacker Please give more details on my question.
@RamaraoInfo 2 months ago
Hi bro, Can I have your contact details please, I would like to connect with regarding mobile PT please
@cherrycherry-zs7qj 2 months ago
Explanation in this video is great. Keep doing good videos like this.
@DevSecHacker 2 months ago
Thanks, will do!
@eyezikandexploits 2 months ago
I wish finding these bugs were as easy as this lab
@DevSecHacker 2 months ago
Absolutely yes.
@eyezikandexploits 2 months ago
keep it up man, do you have a discord?
@DevSecHacker 2 months ago
Nope
@TheCyberWarriorGuy 3 months ago
:)
@uttarkhandcooltech1237 3 months ago
thank you i am new subscriber
@DevSecHacker 3 months ago
Thanks for subscribing! And please do like also, so that it can recommend to more people who want to know.
@uttarkhandcooltech1237 3 months ago
@DevSecHacker can u share use more about account takeover bug through id parameter Sqli in id parameter
@DevSecHacker 3 months ago
Sure. Let me add that into my upcoming list
@Anonymous-cx7ht 3 months ago
Never commented on any video love the way you told 😮🎉
@DevSecHacker 3 months ago
Thank you. Then do support by subscribing.
@wnheieowz 4 months ago
can i get src code pls
@DevSecHacker 3 months ago
github.com/RajuGanapathiraju/VulnerableLabs/blob/main/ssrf_bypass.js
@BanglarPranChitra 4 months ago
Nice ❤❤
@DevSecHacker 4 months ago
Thanks 🤗
@SushantMaliwhy 4 months ago
Hey could you make a video regarding XSRF-TOKEN/CSRF?
@DevSecHacker 4 months ago
I will. Please do like and subscribe
@kuttuconnect 4 months ago
Good insights
@_ArfatFarooq 4 months ago
Bro you didn't show how to get reverse shell? Can we use here bin/bash for reverse connection in net cat? Also how get complete shell like full root shell using SSTI Vulnerability?
@DevSecHacker 4 months ago
This video is intended to show SSTI detection method and exploitation (SSTI to RCE). If you are interested to know more, I will make a part 02 video on it.
@_ArfatFarooq 4 months ago
@DevSecHacker Thanks bro make interesting tutorials on topics like these such as Deeply understanding all types SQL injections on live target in simple Url, Hackbar, through intruder mode (burpsuite), sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube policies. How to scan SSTI using advance tools. LFI, RFI on live target and uploading of shells in different ways to get reverse shell. Command injections in new ways by bypassing restrictions of Cloudflare and getting reverse connections. These are very important topics of cybersecurity and interesting for everyone who are interested in cybersecurity/hacking/pentesting. These were my bonus tips 😉 for your next tutorials. People are mostly interested in these topics even I am too... I believe you will bring and present such all tutorials in nice way and new ways... Keep growing 💗 thank you❣️❣️❣️
@_ArfatFarooq 4 months ago
@DevSecHacker Thanks bro make interesting tutorials like these such as deeply understanding all types sql injecti*ns on target in url, h*ckbar, through intruder mode (burpsuite), sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube policies. How to scan SSTI using advance tools. LFI, RFI on live target and uploading of she*lls in different ways to get r*verse sh*ll. C*mmand injections in new ways by byp*ssing restrictions of Cloudflare and getting r*verse connection. These were my bonus tips for you to upload such interesting topics because people are mostly interested in these topics and even I am too... I hope you will upload such nice contents thank you...
@Zach8877 4 months ago
Nice demo! The question I can’t get out of my head is “why isn’t this called JavaScript injection”. It seems directly analogous to a SQL injection but with JS instead of SQL. The term XSS just doesn’t compute in my head.
@DevSecHacker 4 months ago
Yes. You can call it as a form of javascript injection since malicious script will inject in the web pages. According to owasp top 10 - 2021 even XSS also categorized in injection part. for reference owasp.org/Top10/A03_2021-Injection/
@cherrycherry-zs7qj 4 months ago
Notable suggestions, keep doing more shorts like this
@DevSecHacker 4 months ago
Sure 😊
@DevSecHacker 5 months ago
if you want to support my work: www.buymeacoffee.com/devsechacker
@briansans-souci9083 5 months ago
Thanks mate!
@DevSecHacker 5 months ago
you are welcome.
@rayipallisudheerkumar7140 5 months ago
Great Collab🎉
@DevSecHacker 5 months ago
Thanks
@DevSecHacker 5 months ago
Now added few more improvements for this tool like database integration, de-duplications, state management, parsing the html for results and generating a final report. you can see that as a v4.js file in my github.
@allanguwatudde7623 5 months ago
Great explanation
@DevSecHacker 5 months ago
Thanks and please do support by subscribing to my channel for more videos like these.
@heiroPhantom 6 months ago
hallelujah. you're my savior, man. my own personal jesus christ.
@DevSecHacker 6 months ago
Thank you. Then please do support by clicking the subscribe button 🙂
@KevinThomas-lq1yi 6 months ago
Great tool. Fantastic. In free version it will only allow 10 uses per 24 hours. Pro version allows 250 uses in 24 hours but it costs $ 20 per month
@askholia 6 months ago
I appreciate this video! Great work!
@DevSecHacker 6 months ago
Thank you. It pays off all the time that I spent.
@pavanreddynamala8675 6 months ago
Good information
@DevSecHacker 6 months ago
Thanks
@rayipallisudheerkumar7140 6 months ago
Is it Legal to use the Dark Web?
@DevSecHacker 6 months ago
It is not illegal but buying illegal products and watching illegal content in the dark web is punishable offense.
@i_am_dumb1070 6 months ago
Ok but how can an attacker change dns settings of a company make local host point to some other ip?? Please help 🙏
@DevSecHacker 6 months ago
In this bypass no need to change company settings, just bind two ip addresses(one is not restricted ip address like google ip and other is restricted ip address like localhost) for the same domain and pass the domain as a user input. For binding two ips to same domain you can use the dns rebinder service that i shown in the video.
@i_am_dumb1070 6 months ago
@DevSecHacker ok thanks 🙏
@bugr33d0_hunter8 6 months ago
Yeah I've already found 2 bugs with this and submitted them to Intigriti. This cut the time for me almost in half it feels like. I'm so glad I found this. Like I struck gold, lol. Great vid. I'm just worried about the bad guys using it for the wrong reasons.
@whateveritis0 6 months ago
How u able to find bugs with this
@vineet1 6 months ago
Excellent, bro. You explained it very well.
@DevSecHacker 6 months ago
Thank you. Do subscribe and you will get more content.
@nemizy 6 months ago
I thought you are using downloaded model from Hugging Face site
@DevSecHacker 6 months ago
We can do that as well. But I didn't do it in the video.