Cross-Site Scripting (XSS) Explained! // How to Bug Bounty

49,686 views

NahamSec

Comments: 100
@NahamSec 2 months ago
Want to learn directly from me? Check out my course here: app.hackinghub.io/hubs/nahamsec-bug-bounty-course
@Skaxarrat 10 months ago
This is my favourite format. You should do all the Top 10 OWASP vulnerabilities (Or Top 25...) like this one.
@wolfrevokcats7890 24 days ago
Finally, someone is teaching XSS the right way. I'm glad that you're listening, I love how you make the font way bigger than your old video. I can watch your video even on a mobile phone now if I don't feel like opening a laptop. Thanks man, appreciate it
@mamuli01 3 months ago
naham sir i just opened this video for 10 seconds and thought of exiting it but read the first comment on ur video and damn i am blown away by your explanation
@NahamSec 3 months ago
I'm so happy to hear that! I hope this helped!
@aswadshaikh8312 10 months ago
Awesome video Naham. Absolutely loved it. Just one suggestion: Can you please go a little slow next time? As someone from a technical background I could understand everything and keep up with u but even a lapse of a couple of secs would lose me completely about what's happening
@AliYar-Khan 10 months ago
Damn ... the only thing now holding us to hunt XSS are our own Procrastination
@rydanstark9494 10 months ago
Great man. Your videos helped me transition into Webapp pentesting from System Pentesting ❤🎉 More Power to you
@saadadil6112 1 month ago
great video naham. absolutely loved it
@shubhamgupta-ji9nh 10 months ago
at 9:48, instead of an application, there is api running in the background of the application and it has a parameter which is un-used in the api, is there any possibility of a XSS considering the request is in json?
@BoricuaFez 10 months ago
Thanks for the information. Been working on a target that has made me lose motivation and taken me down a rabbit hole about JS and React.JS. This video and others gave another point of view on how to approach the target. Thank you again!
@lostsecArmy 10 months ago
🎉🎉🎉 love you from Pakistan 🎉🎉🎉
@souraldandothi5681 10 months ago
Great Approach! Looking forward to it!
@ExplorewithRite 10 months ago
the blog title field seemed to have a validation check, is it possible that it would be bypassed? and hence achieve xss through the blog title field
@ss-rc1gy 10 months ago
awesome content, what about the DOM xss and stored xss?
@papafhill9126 10 months ago
NahamSec probably wants people to find injection points first, that's the "foothold" so to speak. Then you escalate from there, so RXSS is a great first step to getting to escalation.
@ss-rc1gy 10 months ago
Ya, that makes a lot of sense 😁
@vexed3185 5 months ago
@@papafhill9126 Hey man, i don't understand, how can this affect the webapp? like does it edit the main code of the webapp or what?
@un4v5s83 10 months ago
thank you so much! i feel indebted to learn this much from scratch and from only knowing the terminology of XSS that need put payload on some parameter into this little more advanced things that very interesting to me to learn about. I need to learn more and how far the learning goes? (Try to play auto5d chess in case one day i will come back to this video)
@rohitshastry2007 10 months ago
Really Great Stuff!! Thanks for the 5WP
@alexparakan 10 months ago
Does anybody here with ADHD who are super passionate about pentesting but struggling to start it?! 😢
@skyedunphy 10 months ago
That's so me
@bhavypatel1642 10 months ago
Yes bro I am same here
@alexparakan 10 months ago
@@skyedunphy I knew I wasn't alone. But the only way for us to survive this is we people with ADHD have to work together. Or we'll probably eventually become broke af. But the best thing about us is we can be super skilled and hyperfocused in the IT field. Especially since we are good at finding things. Would be helpful if you have any suggestions for solving this problem. Because I'm just too tired of just wasting my time and saving videos like these to my watch later list.
@garrettguthrie2536 1 month ago
@@alexparakan me too!!!
@WorldwideWave811 4 months ago
i really love your content bro, helps me learn a lot as a cyber security student
@MiroPeev 10 months ago
Great video and content! Thanks for helping out .... One question i have - where do you install your attack box for bug bounty? Is it on the VPS provider or it is local on your machine?
@sanjaiKumar-.- 10 months ago
I would positively say he uses a VPS
@WaseemLaghari-m4e 10 months ago
Once i got xss on TikTok but at that time they did not start their bug bounty program 😢
@vlogsprasenjit 10 months ago
Great start❤
@ezekiel-my1pl 7 months ago
well explained! thank you for this
@parshva3516 10 months ago
do you suggest using a VPN while testing?
@Dext3r-Hwqkwtom 10 months ago
Thank you for sharing your knowledge. Please extend this to 10 weeks 🙏🙏🙏
@b.i_khalil 10 months ago
How do I login with an API key??
@Frawkesish 10 months ago
So I'm not gonna lie.. I've been trying to learn the art of bug bounties for some time and to be frank I got overwhelmed and pivoted to Web Development.. even landed a gig as a developer and about 6 months in now I'm back to try again.. I feel like this makes a hell of a lot more sense now having built several web apps now. I guess I should start by just hacking my own shit..
@ciconid 10 months ago
What resources did you use to learn Web Dev?
@Frawkesish 10 months ago
@@ciconid Fireship youtube channel and practice. Start with a project you think is cool and learn how to build that. You don't have to know everything to build something.
@musaharuna756 8 months ago
@@Frawkesish But how did you find the gig. Is it a full time?
@Frawkesish 8 months ago
@@musaharuna756 I actually kinda "hacked" my way into my current role.. I was working at an *insert retail company* and I found a simple issue I could solve. For me I found it frustrating we had to post a pic to discord and wait for a response to get the price of something that wasn't scanning. I ended up making a discord bot with a simple database so I could search for the price of some specific items by name. I waited for a good opportunity to show it off to the right people and landed a gig. I don't get paid that silicon valley programmer pay but I now make a decent enough salary considering I had Zero experience and no degrees.. Note they are not even close to a tech company and I am the only developer.. it is very stressful at times but if I gotta go another year or 2 to keep building my resume up then so be it!
@Frawkesish 8 months ago
@@musaharuna756 I'm not sure if my comment actually worked or not. KZbin is tripping
@razmjumehdi9069 10 months ago
Do you upload videos for 5 weeks on this KZbin channel?
@SamuelEssa-ic6bt 2 months ago
the last way this is self XSS?
@gamerz9129 10 months ago
i always get double quote filter " is there any technique to bypass the double quote filter?
@mr.bouttacheck6656 10 months ago
Within the next 4 weeks ima get something on one of those targets 💪🏾
@haanrey 10 months ago
Lookingg fresh my byoyyyy !!!🤩
@preciousjoyb 9 months ago
Me, I am a Software QA and starting to learn Pentesting bug bounty
@mmnahian 10 months ago
i am first bro
@NahamSec 10 months ago
Almost
@rctech1237 10 months ago
I am feeling like a bug hunter now 😂😊
@musaharuna756 8 months ago
Well ur not lil bro
@mohammedettayby 5 months ago
Thanks man this video helped me to get my first bounty
@askholia 10 months ago
Great video!
@praveenmsp 10 months ago
Why do you always change the protocol to http?
@NahamSec 10 months ago
Because the labs were having issues and only worked over HTTP. We did implement a fix though!
@Jarling-so4oi 3 months ago
Make us more technical content and more hackinghub hubs, can we have a open redirect explained?
@Couple-Rounds 10 months ago
Lots of Love 🇰🇪
@ucheugbomah2228 10 months ago
all this you found means that this all vul?
@enigma.better 10 months ago
You really gotta do this for other common vulnerabilities too we all love this kind of content
@Farsheedify 10 months ago
Thanks for the amazing content.
@leghdaf 10 months ago
Great Content ...
@AbhishekGupta-fz5dn 10 months ago
this is the best video on internet about XSS
@lol-hz9mc 10 months ago
Thank you for the video sir!
@MarkFoudy 10 months ago
First
@MarkFoudy 10 months ago
Thanks for the content, nahamsec!
@fabiothebest89lu 10 months ago
I learnt something new, thanks
@ankitjha883 10 months ago
Ben is really good
@thegyanshow812 10 months ago
amazing🤠🤠
@saulo-moreira 4 months ago
5:37
@am012z 10 months ago
Amazing 👏
@minervaa0001 1 month ago
Aren't there any Turks trying to learn bug bounty? Write to me, let's learn together
@Duskk0077 10 months ago
Great video thx
@elinamk12 4 months ago
so good big thanks.
@bertrandfossung1216 10 months ago
Thank you for this awesome video. Little by little I’m grabbing these.
@Bit_Fury 10 months ago
Thank you very much You have given us so much 😊❤
@GilligansTravels 10 months ago
Thank you
@aquatester 10 months ago
THANKS DUDE!!!!!!!!!!!!
@AbdelrahmanAwad-kd5le 10 months ago
bro you are awesome
@شیداعسکری-ل5ل 10 months ago
Great
@Learning.Something.New.Daily. 10 months ago
👍🏻
@iamwitchergeraltofrivia9670 10 months ago
Hahahhahahahhaha blocking dangerous prots 😡😡😡😡😡😡😡😡
@shubham_srt 10 months ago
Thanks
@benjamenwitaker5437 10 months ago
P r o m o s m
@ahmada8629 10 months ago
✌🏻😍
@h4s4n_ma 10 months ago
wow😍
@MhdiSec 10 months ago
👏
@TylerDurden-dd1tq 10 months ago
WOW A VIDEO ON HOW TO GET MY FIRST 350 DUPES. CRAZY.
@Cyber_AR15 10 months ago
Great video 👍🏽
@newbiejember9854 10 months ago
Great content 🎉
@mehrankurd 1 month ago
Thanks
@rajiniganth5322 10 months ago
great
@Nejtak853 8 months ago
great