Cross-Site Scripting (XSS) Explained And Demonstrated By A Pro Hacker!

Рет қаралды 502,705

Күн бұрын

Пікірлер: 598

@coa9080 7 күн бұрын

Loi you are a beast. This is straight to the point and no bullshit. The first time I saw you, I went straight to udemy and got 3 of your courses. Keep spreading the knowledge brother!

@bachtiarmuhammad8716 3 жыл бұрын

"i hope you learn something valuable...". This is absolutely valuable, I have been trying to find how dangerous XSS is, but never get satisfied answer except this one. Thanks loi!

@JL-ud6xx 3 жыл бұрын

practical example, instead of theoretical which we see many site...

@digges90 3 жыл бұрын

Damn, this is gold

@oluwaseunmicheal1571 3 жыл бұрын

Please can I have your telegram username I need to speak to you please if I may

@bachtiarmuhammad8716 3 жыл бұрын

@@oluwaseunmicheal1571 speaking about what bro ? :v

@Richard-ji4kc Жыл бұрын

WEll i see it now but i just got this computer and i hate that its been hacked i did not know cause all the redirects etc. and identity theft i keep seeing fimiliars names as well including goat

@clem4224 3 жыл бұрын

Dude you deserve way more views. Straight to the essential, clear, understandable. You won a new follower !

@denisivanov4888 3 жыл бұрын

This channel is gold. All I can say.

@sudiptaroy4052 3 жыл бұрын

goldmine

@luigigrossi7774 3 жыл бұрын

School FOR ROBBERS AND CRIMINALS ???

@naveenrawat1549 6 ай бұрын

24 carat

@mamuli01 4 ай бұрын

yes the owner of this channel is an ultimate hacker

@Wastelander1972 2 жыл бұрын

Dude, I’ve been studying cyber for over two years. This is amazing. The first time I can actually see this in action. Thank you!

@ajanitau3405 2 жыл бұрын

I'm brand new to IT and was reading about open web app projects and came across the word Cross Site Scripting. Your explanation and demonstration was so clear, concise and yeah, scary! Thank you. I'll be studying your content for sure!

@philk.2208 3 жыл бұрын

Best demonstration of XSS that I have ever seen - thank you

@SHAMulA147 Жыл бұрын

I've tried many times to understand what is really happening with XSS and this was the best way it has ever been explained to me

@saikrishnavinjamuri4058 3 жыл бұрын

This is awesome... If someone is in hurry of preparing for the interview.. get this..

@Gupatik 3 жыл бұрын

thank you man, now I can start my career with you here in KZbin even before I go to university

@davidrocky Жыл бұрын

Wow, I knew a little about XSS but I didn't had the creativity to think that this kind could be made with this technique! Thank you so much for the presentation!

@tomislavkukic1395 3 жыл бұрын

Thank you so much. I'm a web developer and this info is a gold. You explained this in such way that anybody can understand the great risk. This is scary how easy it is to hack the site if it is not protected against these attacks.

@oldnews4160 2 жыл бұрын

How difficult is it to disable/prevent xss?

@WebieTM Жыл бұрын

@@oldnews4160 I think quite easy for developers. Just don't use innerHTML for user content, just innerText. As soon as you as a user realise a website has this vulnerability, you can either check by inspecting or contact the website owners.

@tealic367 4 ай бұрын

@@oldnews4160 im a bit late, but to prevent xss, a little security can go a long way. Obviously there are a lot of advanced security techniques, but simple things like input restriction (like preventing the input of '') or output encoding (where things like '

@swipe87 3 жыл бұрын

You're a legend. Straight to the point and you spoke quickly with no filler.

@ManishKumar-rz9ub Жыл бұрын

I found great tutorial on XSS after several year, :) Thanks for sharing it so intuitively.

@ritikrampaul7172 Ай бұрын

Really liked ur video sir, where most of the videos creators focus on the theory and unnecessary content, Ur content is very very good it actually gives practical knowledge and that too with very good explanation. Really appreciate ur work 🙇🙇

@yfz9684 3 жыл бұрын

just been assigned to a security project dealing with XSS, and your video is really helpful and valuablr . a big thumb up bro

@RidwanOseni 3 ай бұрын

I have never been more confident about my cyber security career after watching this channel. You’re a gem. Thank you.

@41_a_nihalpathan78 Жыл бұрын

Man this was awesome 🤩 being a CEH guy I was still not able to understand how to perform XSS in proper way but this one video cleared my all concept ❤ u deserve millions of likes and views

@icaruz9094 2 жыл бұрын

FIRST TIME I WATCHED THIS I WAS NO IDEA WHAT I'M WATCHING I DON'T UNDERSTAND ANYTHING BUT NOW FOR MONTHS STUDYING JAVASCRIPT AND DOM MANIPULATION I CAN NOW EASILY UNDERSTAND EVERYTHING, THE MORE I DIVE INTO TECH THE MORE MY PERSPECTIVE CHANGES ABOUT INTERNET

@judahjosjacinth 14 күн бұрын

This is incredible and has so much value, Loi! Never in my life have I been exposed to hacking this way, thank you so much! Learned a lot!

@shireliyahu6801 Жыл бұрын

Loi you are the best! I love that you acutally shows us how XSS works rather than just explain it in pretty words :) Thank you so much!

@kevinportillo1971 3 жыл бұрын

Now I know how those infected sites have been hijacked before to host a phishing site, great demo!

@rushabhshah9164 2 жыл бұрын

Amazing video. Went through various articles and demos explaining XSS but this one is by far the best one

@purrkachuu 2 жыл бұрын

instant subscribe worthy. clear explanation, clear voice, valuable content

@andrewfarinola358 Жыл бұрын

Extremely well done, found your video looking up what XXS was because i wanted to see how dangerous the CS2 exploit is. Thanks for the great info.

@jaegar1nine266 Жыл бұрын

You got another subscriber. You explain and show the process so much better than Hack the Box. I’m currently slogging thru the Linux Fundamentals course and it is hard.

@hairychewy28 Жыл бұрын

This has been the best explanation of what a XSS is. Thank you!

@aragorn2753 2 жыл бұрын

" i hope you learnt something valuable " Is that a question sir .. Your channel is a diamond thank you so much

@ryanleong6266 2 жыл бұрын

Clear and concise explanation and demonstration. Couldn't ask for better.

@pgperkos 3 жыл бұрын

Perfect timing! I was actually testing it a few days ago! PS: I didn't expect your password to be 12345678 :P

@idontwantausername7398 3 жыл бұрын

What?

@EstrogenSteroid 3 жыл бұрын

@@idontwantausername7398 probs the password on beef

@grimorisX 3 жыл бұрын

Wow, this is insane. Ngl I'm a little freaked out by this. Great information as always. Thanks 🤟👍

@TWFSHOW 3 жыл бұрын

Game over..... Great info . Most useful channel 4 ethical hacking learning 👍👍👍👍👍

@secinject814 2 жыл бұрын

Wow you earned a sub and a ton of respect. You're fast, to the point, highly information-dense.. perfect level of difficulty for me. So happy the algorithm brought me here. Keep it up boss!

@c.w.bertrand4633 Жыл бұрын

The guy is incredible. I really enjoyed it. And it's really scary at the same time

@jacklee1612 3 жыл бұрын

Excellent introduction on this topic ! Audio quality is great as well, keep it up :)

@abdulrahmanmsusa9225 3 жыл бұрын

Amazing content Mr.Yang. Highly resourceful 👍

@mattv2497 3 жыл бұрын

Terrific content! Learning so many new techniques.

@Gh0st_0723 3 жыл бұрын

Ugh I hate all these spam hacker comments on every infosec video. Thank you for the content. Beautifully explained like always.

@ramseykarr6870 3 ай бұрын

clear, concise and to the point explanation. Just amazing!

@emdadulhossainakand48 2 жыл бұрын

The best Chanel for learning ethical hacking

@lurifos9576 3 жыл бұрын

I know that XSS is dangerous, but I never realised it can be this dangerous. +1 sub.

@chrisissun Жыл бұрын

thank you just ran into a NoScript detected a potential Cross-Site Scripting attack wow this is helpful

@kimdanielestoy3888 Жыл бұрын

I am a career shifter and my current work is related to cybersecurity, and thank you for this

@KeesFluitman Жыл бұрын

Nice job. Next question is, this seems like an easy task to fix. What else should one do to protect yourself and what is the current state of XSS protection and danger?

@DimitarKrumov 3 жыл бұрын

This made my day! Thanks for the great explain the process and where to find them to test and prevent

@alejandroharo0217 8 ай бұрын

on the process of getting my CompTIA. I was a little confused on this topic but wow. It really is scary. thank you for the video!

@damilolaoluwole5640 2 жыл бұрын

Thanks for the explanation. Now I can easily differentiate XSS attack from a Cors attack.

@yudilai5640 2 жыл бұрын

So I was thinking: if you are going to look side ways, maybe you don't need a head cam when we see the work on the screen. Thanks for the video, very informative

@BiO-_-MeKaNiZeM 3 жыл бұрын

Instant sub after the 1st video, good job explaining and the demonstration helps so much 👍

@joshuam2341 3 жыл бұрын

Hi Loi! Great video! Could you please make a video about your desktop setup or what you look for in laptops that are tailored for penetration testing?

@worldtreeboy8712 2 жыл бұрын

Well explained. Just subscribed after watching your video for the first time.

@shimtristan 3 жыл бұрын

Invaluable information. Many thanks Loi!

@dhanrajp6818 3 жыл бұрын

Ty for the demo. However have a doubt. How does tool plant malicious js to another users browser. The demo showed is the js and user login is done in the same local machine. Can u make the server render the webpage with malicious js??

@peytpeyt9113 3 жыл бұрын

Thank you, you teach very well even if i already know most of things thats you show, you make them more understandable.

@lindanib541 3 жыл бұрын

Awesome video, as always. One suggestion though, could you post the links in the description? Thanks :)

@muriloramosoficial Жыл бұрын

Wooow!! You gain one more subscriber 🙏🏼🚀

@veronicadiaz9454 Жыл бұрын

wow amazing video, Im studying cyber security and knowing this its very useful! I'm subscribing!

@brokenwindowpanes8220 3 жыл бұрын

This guy doesn't spend 30 minutes speaking bullshit and only 2 minutes showing the real thing. I'm a fan

@cybermatters Жыл бұрын

Thank you so much for letting me know how dangerous stored xss is .

@mahmudabdi1363 3 жыл бұрын

Wow I love your episodes.......Guys let's get to 1million subscribers

@emperorj4783 3 жыл бұрын

The only channel I watch when learning hacking:)

@physics3641 2 жыл бұрын

All of us know we don't learn hack to hack our own system😂😂😂

@clock-ai 2 жыл бұрын

Your explanation is very clear and easy to understand

@paulbaker8449 Жыл бұрын

What an awesome video! I’m glad I came across your videos, I have one real nooby question though… If this SQL stuff is so easy to put into websites, what do banks, shopping or government websites use to protect themselves from these attacks?

@kevinc8955 3 жыл бұрын

The problem is you can only realistically get better by practice and diverse practice against differing targets is likely against the law unless you have a job in pentesting. It’s all fun and games until the authorities knock on your door.

@edwinnikoi3844 3 жыл бұрын

Just subbed, great content. Clear and concise

@rahulrajendrasaw 3 жыл бұрын

i always watch full ads video in your channel sir so that you will bring more videos for free to us without any cost thanks

@yuki_nakato 2 жыл бұрын

XSS = GAME OVER. Thank you for creating great content!

@synchronulleins 3 жыл бұрын

I'm a very beginner, but I'm interested in cyber security.... And it's pretty scary to see how easy it is to get your informations...

@nithin1979 11 ай бұрын

Good demonstration of XSS using a feedback form

@nine2mdnt 2 жыл бұрын

What a valuable resource, so clear and easy to understand, thanks

@orangefish0297 Жыл бұрын

Learning about Cyber security after the CS2 XSS exploit that was reported yesterday I want to hear your opinion on that! It's actually making me really anxious

@aakashjana6225 3 жыл бұрын

Nowadays all web frameworks come with really innovative input sanitization techniques which make XSS attacks absolutely useless. Any tricks to bypass these would be cool

@MsSoldadoRaso 3 жыл бұрын

Yes, I love angular ❤️

@harshthechampful 3 жыл бұрын

Does it depend on the way the component is scripted at all? Like the framework handles all the sanitization and there is no chance of XSS?

@aakashjana6225 3 жыл бұрын

@@harshthechampful problem is you have to have a good idea of what kind of framework the code is coz reactJS when deployed is still the old vanilla JS which makes it difficult sometimes to know if its react, angular , vue or something else. And also there is quite a bit of abundance of 3rd party libraries to bump up the sanitisation game note that the browser you use also prevents some mailicious features making XSS difficult and added to that SQL has come a far way now to the point you cant trick it all that easy.

@masterofnoob4621 3 жыл бұрын

Please start ... complete hacking course 🙏❤

@thechaker886 3 жыл бұрын

in fact i've learned something valuable, Thank you from Algeria.

@simonboeke2979 11 ай бұрын

Great Video, worth every second of watchtime.

@GameReality 3 жыл бұрын

This is total fun and amusement 🙂 Love your music Peace and Love from Sweden

@PerryCS2 3 жыл бұрын

You remind me of the guy from (youtube) PBS Space Time (but a non English version of him). :) Great tutorial. Always nice to see how these attacks are done so I can make my website and APPS more bullet proof. :)

@rich182x Жыл бұрын

Broooo, thank you for visualizing this concept!

@raihanzaki5 2 ай бұрын

i suprised that subscribe button is highlighted when you mentioned it

@shamelessone1987 8 ай бұрын

I needed an example outside of the classroom's Vector Image with some script inside of it. I could see how thats easy to fall for

@parkergaming3123 2 жыл бұрын

Very Informative ! Thanks for such an amazing video ❤️

@CybSecBuddy 3 жыл бұрын

Hello sir Loi Liang Yang, I learnt something new today 😀😀 Thank you ❤️❤️

@edgargrajeda610 Жыл бұрын

Thank you so much, you do a great job of explaining it this helps me with my college XSS lab.

@mawaddaturriza7158 Жыл бұрын

im a frontend developer, looking for a video how dangerous xss is, because i know nothing at all about how it will impact our data. hope to see a video how to prevent it as a developer from you because i love to see how you explain informations

@PerryCS2 3 жыл бұрын

I use your site to help make my website and APPS in development more secure. Thx :)

@我爱您中国 3 жыл бұрын

The most dangerous ones are the ones who created these apps for hacking purposes but thanks for sharing this great video love it thumbs up for you!

@b07x 3 жыл бұрын

alert("Eeeeeeeeeee"); //KZbin can't be hacked that easily

@pepperjackshack2439 3 жыл бұрын

So once the user loads the comment section with the script, the browser is now "Hooked". So my question, if the user leaves the webpage, is the browser still hooked or BeEF is not able to connect to the client anymore?

@nathantipton4294 7 ай бұрын

Thank you for the detailed explanation. Can someone answer the question; does this kind of ethical hacking of your own site or apps allow some better capabilities for development? I want to understand if this is helpful for developers to not get locked out or to better monitor traffic?

@asthakhare9161 3 жыл бұрын

Mobile hacking lectures !! plzzz ! BTW Love your Videos : )

@anukrititripathi152 3 жыл бұрын

Yeah it's valuable, information is straight on point. Thanks👍🏽

@arnelkiller 2 жыл бұрын

Exceptionally explained. 🙏

@hsardrake5373 3 жыл бұрын

You can prevent that in PHP using the strip_tags() function passing the input data into the function

@bobbystotmisc 3 жыл бұрын

Yeah the XSS he covers is rather basic. Its DOM and Mutation XSS that we seen in modern applications. Unless a site is made manually without a framework or by a fool who doesn't know what they're doing, these standard input injection attacks wont be found in enterprise applications.

@hsardrake5373 3 жыл бұрын

@@bobbystotmisc I agree, is better to use frameworks while developing big or enterprise applications