Amazing! I would have changed the last 'x' by another letter just to not get confused with the function x previously defined, for example, ,window+'',{a:' also works. Thanks for these videos.
@mrprofile10114 hours ago
Very well put.
@Myk4my16 hours ago
Just passing through to say that it is gratifying to study and find people like you, willing to really teach. Thank you and please continue!
@bughunter02122 hours ago
Thanks for breaking it down, that was super helpful!
@刘仙升2 days ago
Hello, I'm glad to watch your video. These past few days, I've been learning about XSS by watching your video explanations, but there are some things I still don't understand. Maybe my coding skills are not good enough. I want to ask you, to have such an in-depth understanding of XSS, do I need to learn front-end JavaScript code? For those of us who don’t fully understand, does it mean that it’s difficult and we won't be able to discover these vulnerabilities? Sometimes, I find it difficult to learn XSS. Do you have any good advice? Thank you
@Educat3d773 days ago
Thnx again for a very clear explanation!
@Paul-Dirac3 days ago
Hi, amazing topic and well explained! If someone is interested, the correct payload to make it work in Firefox is: ?search=1&toString().constructor.prototype.charAt%3d[].join;[1]|orderBy:toString().constructor.fromCharCode(120,61,49,125,32,125,32,125,59,97,108,101,114,116,40,49,41,47,47)=1
@Educat3d775 days ago
Thank you for the in-depth explanation! It makes a ton of difference that you explain the reasons behind the building of your queries. You are my go-to channel for completing my burpsuite certificate. Thank you!!
@MamdMehrabi5 days ago
Thanks man, you are great❤️🩹
@刘仙升6 days ago
Why is the event method ineffective when I input ">onerror=alert(1)>?" Is it not suitable for this environment?
@F-lx6gp8 days ago
Thank you, great explanation 🔥
@MikeMasanga9 days ago
I think you were supposed to use two payload markers during the testing, because the time you use one payload marker it replaces all the headers on the right side. THANKS FOR THE VIDEO
@z3nsh3ll8 days ago
I agree, the input expects two payload markers.
@radijaye743510 days ago
Veryyy well explained 👏 👌 . I only have one question instead of "e why not we use single quote in the anchor tag like this : href='cir:"payload'
@markgilt.culaway2514 days ago
Or I can just host my server locally and then wait for the request to append it to the logs? Or is it better just to utilize xsshunter tool? disregarding the privacy concerns as it can be easily seen by other people. Thanks have a good day!
@z3nsh3ll10 days ago
Regarding the XSS labs in general - a logical first thought might be to host a server locally. The problem is that the victim request is not dispatched from the local browser. PortSwigger simulates the victim site visit on their server and HTTP requests submitted to external domains are blacklisted - so unfortunately, the request would never reach a local server or even any online web asset that we own.
@Paul-Dirac17 days ago
A m a z i n g! not only the content, but also the way you explain. Congratulations!
@gaborantal99719 days ago
You're golden! Thanks for these deep explanations.
@CyberNomad-w2o19 days ago
Hello, I saw your videos on Black Arch, they are very knowledgeable. Can you please make a video on the "jdk-openjdk and jre-openjdk are in conflict" error when updating Black Arch?
@ellehooq23 days ago
Great clear explanation!
@ellehooq23 days ago
Very good. I systematically click on your videos now while doing PortSwigger labs.
@ellehooq24 days ago
This content is brilliant! Thank you!
@ellehooq24 days ago
I'm subbing fo show!
@ellehooq24 days ago
Very good clear explanations you are great thank you thank you thank you!
@leapof25 days ago
Loved your videos
@coffeeCatPeanutDust26 days ago
Thanks again
@dedsec527127 days ago
Best teacher I have found on the topic all over the internet. Much appreciated ❤🔥 insightful walkthrough. Thank you so much and GOD bless you !
@nicolasfischer612427 days ago
Where does the %22%E come from?? I don't get it because it gives the double quote character and the closed bracket before the body tag. We never had these in the initial payload on the website. Please explain it to me.
@nicolasfischer612427 days ago
Okay, never mind, I just took them out as a first try and it worked. But I still don't get why you would put these in the payload, it doesn't make any sense to me
@youngnvk a day ago
@nicolasfischer6124 why "> ? please help me
@exitvillain28 days ago
Love how in the last video you encode it with + style URL encoding and you type it out, but here you take it to that side bar and show how it can also get encoded using the % way. Just doing two different ways to get the same thing in two adjacent videos. That's cool. Helps me learn all approaches, love it.
@DaniilKozyr29 days ago
Wow! You are the best!
@die3ddrucker a month ago
installing ffmpeg (2:7.1-5) breaks dependency 'libavcodec.so=60-64' required by freerdp
:: installing ffmpeg (2:7.1-5) breaks dependency 'libavutil.so=58-64' required by freerdp
:: installing ffmpeg (2:7.1-5) breaks dependency 'libswresample.so=4-64' required by freerdp
:: installing ffmpeg (2:7.1-5) breaks dependency 'libswscale.so=7-64' required by freerdp
:: installing icu (75.1-2) breaks dependency 'libicuuc.so=72-64' required by freerdp
:: installing gst-plugins-base-libs (1.24.10-2) breaks dependency 'gst-plugins-base-libs=1.22.1' required by gst-plugins-base
:: installing icu (75.1-2) breaks dependency 'libicuuc.so=72-64' required by harfbuzz-icu
:: removing syntax-highlighting breaks dependency 'syntax-highlighting' required by iaito
:: installing protobuf (29.2-1) breaks dependency 'libprotobuf.so=32-64' required by kismet
:: removing kio breaks dependency 'kio' required by knotifyconfig
:: installing ffmpeg (2:7.1-5) breaks dependency 'libavcodec.so=60-64' required by mpv
:: installing ffmpeg (2:7.1-5) breaks dependency 'libavdevice.so=60-64' required by mpv
:: installing ffmpeg (2:7.1-5) breaks dependency 'libavfilter.so=9-64' required by mpv
:: installing ffmpeg (2:7.1-5) breaks dependency 'libavformat.so=60-64' required by mpv
:: installing ffmpeg (2:7.1-5) breaks dependency 'libavutil.so=58-64' required by mpv
:: installing ffmpeg (2:7.1-5) breaks dependency 'libswresample.so=4-64' required by mpv
:: installing ffmpeg (2:7.1-5) breaks dependency 'libswscale.so=7-64' required by mpv
:: installing libplacebo (7.349.0-3) breaks dependency 'libplacebo.so=229-64' required by mpv
@alirezaalavi8419 a month ago
I have a question: considering that the password change process is performed when the user logs in to the user account, is it not better to check whether the user ID that sends the password change request (in addition to the other mitigations you mentioned) matches the ID of the user who wants to change his password?!
@mohammedeleriaan5986 a month ago
Ultimate Explanation
@dhoomchutad2111 a month ago
Thank god for you making these videos. I remember my first time going through portswigger labs, there was no great explanation of "behind the scenes of working of a payload". There would be just a random guy copy pasting the steps mentioned in portswigger solutions. Really appreciate the effort.
@coffeeCatPeanutDust a month ago
Thank you! Much appreciated. Please keep making these
@coffeeCatPeanutDust a month ago
Thanks
@z3nsh3ll a month ago
Thank you!
@alirezaalavi8419 a month ago
Thanks for the video. Please correct me if I'm wrong: isn't the generated code for 2FA supposed to expire after a single use? I believe that one of the ways to prevent this kind of attack is to make 2FA codes single-use. Is that right?!
@coffeeCatPeanutDust a month ago
Awesome. Subscribed
@Hack_Trix a month ago
Great video!!! Gained a new subscriber!
@mukto2004 a month ago
How did you understand that inside the h1 tags isn't injectable? Before, in the XSS labs, we injected inside that tag.
@Itto-v7r a month ago
I love your videos but there is a minor issue, but I really enjoy your videos. A few videos are a bit lengthy; shortening them would be preferable because, although I appreciate your explanations, some of your videos are too lengthy for me to follow.
@Itto-v7r a month ago
I'm not referring to this particular video but some videos are a bit long.
@fm0x1 a month ago
Broo I love your videos-tutorials. Your explanations are clear and you provide the solution of every Lab in PortSwigger constantly on your channel. That's so great. Thank you,
@pixeldesigns5333 a month ago
Thanks!
@akatech-ls5dq a month ago
What an explanation, Very thankful for your content !!
@DaniilKozyr a month ago
That was the best hacking lesson I've ever seen. Please make more videos like this. You are Jesus of ethical hacking world!
@benstokes3377 a month ago
That was helpful, thanks
@nurainiabubakar7450 a month ago
First one here❤
@LifeInFiveMinutes a month ago
I am looking forward to your JavaScript Tutorials. Thanks for doing this! Please do not get tired of uploading videos.
@zeroexploit a month ago
Hey Zenshell, I absolutely love your content! Your videos are always informative and engaging. Could you please consider making some videos on Prototype Pollution Vulnerability labs? I'm sure they would be super helpful and interesting for many of us. Keep up the amazing work!