thank you!

there's 2 different ways to execute a Open Redirect. If the Open Redirect is executed by the Location header of the response, unfortunatly, this vulnerability will not tranform into a XSS If the Open Redirect is executed by the javascript code of the application, then the XSS will be valid in this scenario. A quick way to confirm that is by using curl and getting the response header of the open redirect url, for example: curl -i evil.com/redirect?url=google.com If you locate the header below in the response, XSS is not possible: Location: google.com

yes haha

It wont be possible at the moment, sorry

Thanks! Gonna definitely lower down the volume next time

Please don't do that again haha

i can’t actually record it on a real bugbounty target. But I believe I could record it on some application I developed in the past. Thanks for the idea

Thanks bro waiting for it 💕👍

Uma dúvida! Devo ter um conhecimento profundo de programação pra começar a caçar ou só o básico tá ótimo?

OBS, não curto usar ferramentas, acredito que mais atrapalha do que ajuda, são tantas também... Seria no manual mesmo.

en: IMO it’s better to have a minimal knowledge of each vulnerability, and then getting deeper when you are developing your hacking methodology, than studying only 1 vulnerability and start reproducing it anywhere. Each vulnerability has its purpose and there’s applications that one will be more appropriate than other. pt-br: Cara, na minha opinião, mais vale você ter uma base minima de todas as falhas e ir se aprofundando conforme for entendendo sua metodologia de hacking, do que focar apenas em 1 vulnerabilidades e sair tentando aplicar em todo local que vc vê. Cada vulnerabilidade tem seu propósito e local que uma vai ser mais apropriada que a outra

@@bugbountywithmarco Você escreve direitinho, né? Até isolou o vocativo e o adjunto pra falar comigo.

Deve ser chat gpt

not chatgpt at all

thanks!

my next video will be about some different xss techniques, maybe it can help you

that’s the key, reporting a xss with just a alert(1) will be paid way lower than reporting a xss with a 1 click account takeover

@@bugbountywithmarco maybe you can do more video sharing your methodologies, that would help lots👍, even though I'm a professional, but I'm Still learning new techniques

Do you suggest any theme for my next videos?

thanks for the tip. I’m pretty new to content creating, and i’m currently learning how to edit videos. I’ll try it in my next videos

my top 3 most found bugs is: IDOR, Broken Access Control and XSS

unfortunately I cant

i like doing manual searches on this scenario, I try to look into some keywords: bypass, force, admin, etc…

bons estudos amigo!

i have planned a few: SQL injection in modern web applications How to bypass broken access control And i plan to do a video reading some hacking questions in reddit. Do you suggest anything more?

​@@bugbountywithmarco you a my hero

@@starwin1159 thanks!

Nice! Thanks for the support

Finding hidden endpoint is a good start, but not only that. Some other interesting points to check: xss spots, developers comments, hidden parameters, logical bypasses. Basically, you have almost the complete source code of the application

@@panagiotismitkas5526 Estava vendo um vídeo do today is new dizendo que se todos usam as mesmas ferramentas, terá mais chances de obter duplicadas, não sei se você concorda.

Thanks!

Thanks! What topic would you like to see next?

@@bugbountywithmarco SQL injections is what I’m on KZbin looking up now

thanks!

thanks! I hope you will find your first bug either

thanks for the tip. I believe this is happening because this channel was just created. You can find the clickable links in my channel page though

thanks for the feedback. What topic would you like to see next?

my top 3 most reported vulnerabilities is: business logic errors, IDOR, and Improper Access Control

@@bugbountywithmarco oh thanks & interesting

@@SumitYadav-lr5vy i would suggest you to start with one of these: IDOR, Business Logic Errors or Broken Authorization. Specially business logic errors, that may not be as popular as the other ones.

@@bugbountywithmarco can you recommend me some recourse because business logic error doesn't have good resources?

@@SumitYadav-lr5vy actually to find a business logic error vulnerability you need to understand the business of the application you are testing. For example: a dating app allows the user to send messages to another user only when they have a match. But what if the user can actually send messages to a person before the match?

@@bugbountywithmarco it is like bac related issues

@@SumitYadav-lr5vy a little similar issue

@@SumitYadav-lr5vy of course! I have a scheduled video here about non common vulnerabilities

@@poiuymnbvc8339 that’s something I wanted to do. I have some application that I developed myself that i can use for demonstration

@@poiuymnbvc8339 thanks!

nice to know that! Is there any other vulnerability you would like to see in the perspective of a web software engineer?

I am just beginner in this field so just learning from internet Portswigger labs, KZbin, you etc any help appreciate

nice to know that, i’ll be posting about other bugs soon

Thanks