Cross-Site Scripting (XSS) Explained! // How to Bug Bounty

Рет қаралды 33,964

Күн бұрын

📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
www.buymeacoffee.com/nahamsec
JOIN DISCORD:
discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 $200 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
💬 Social Media
- / nahamsec
- / nahamsec
- twitch.com/nahamsec
- / nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp

Пікірлер: 83

@Skaxarrat 3 ай бұрын

This is my favourite format. You should do all the Top 10 OWASP vulnerabilities (Or Top 25...) like this one.

@souraldandothi5681 3 ай бұрын

Great Approach! Looking forward to it!

@aswadshaikh8312 3 ай бұрын

Awesome video Naham.Absolutely loved it. Just one suggestion:- Can you please go a little slow next time? As someone from a technical background I could understand everything and keep up with u but even a lapse of couple of secs would lose me completely about what's happening

@un4v5s83 3 ай бұрын

thank you so much! i feel indebted to learn this much from scratch and from only knowing the terminology of XSS that need put payload on some parameter into this little more advanced things that very interesting to me to learn about. I need to learn more and how far the learning goes? (Try to play auto5d chess in case one day i will come back to this video)

@user-bg1dz9li1v 3 ай бұрын

Great video and content! Thanks for helping out ....One question i have - where do you install your attack box for bug bounty? Is it on the VPS provider or it is local on your machine?

@sanjaiKumar-.- 3 ай бұрын

I would positively say he uses a VPS

@AbhishekGupta-fz5dn 3 ай бұрын

this is the best video on internet about XSS

@tonyrite7406 3 ай бұрын

the blog title field seemed to have a validation check ,is it possible that it would be bypassed ? and hence archieve xss through the blog title field

@Dext3r-Hwqkwtom 3 ай бұрын

Thank you for sharing your knowledge. Please extend this to 10 weeks 🙏🙏🙏

@rydanstark9494 3 ай бұрын

Great man. Your videos helped me transition into Webapp pentesting from System Pentesting ❤🎉 More Power to you

@KamalUddin-ih1vs 3 ай бұрын

🎉🎉🎉 love you from Pakistan 🎉🎉🎉

@vlogsprasenjit 3 ай бұрын

Great start❤

@AliYar-Khan 3 ай бұрын

Damn ... the only thing now holding us to hunt XSS are our own Procrastination

@Frawkesish 3 ай бұрын

So I'm not gonna lie.. I've been trying to learn the art of bug bounties for some time and to be frank I got overwhelmed and pivoted to Web Development.. even landed a gig as a developer and about 6 months in now I'm back to try again.. I feel like this makes a hell of a lot more sense now having built several web apps now. I guess I should start by just hacking my own shit..

@ciconid 3 ай бұрын

What resources did you use to learn Web Dev?

@Frawkesish 3 ай бұрын

@@ciconid Fireship youtube channel and practice. Start with a project you think is cool and learn how to build that. You don't have to know everything to build something.

@musaharuna756 Ай бұрын

@@FrawkesishBut how did you find the gig. Is it a full time?

@Frawkesish Ай бұрын

@@musaharuna756 I actually kinda "hacked" my way into my current role.. I was working at an *insert retail company* and I found a simple issue I could solve. For me I found it frustrating we had to post a pic to discord and wait for a response to get the price of something that wasn't scanning.I ended up making discord bot with a simple database so I could search for the price of some specific items by name . I waited for a good opportunity to show it off to the right people and landed a gig . I don't get paid that silicon valley programmer pay but I now make a decent enough salary considering I had Zero experience and no degrees.. Note they are not even close to a tech company and I am the only developer.. it is very stressful at times but if I gotta go another year or 2 to keep building my resume up then so be it !

@Frawkesish Ай бұрын

@@musaharuna756 I'm not sure if my comment actually worked or not. KZfaq is tripping

@parshva3516 3 ай бұрын

do you suggest using a VPN while testing?

@user-kt3qh2su6o 3 ай бұрын

Once i got xss on TikTok but on that time they did not start their bug bounty program 😢

@BoricuaFez 3 ай бұрын

Thanks for the information. Been working on a target that has made me loose motivation and taken me down a rabbit hole about JS and React.JS. This video and others gave another point of view on how to approach the target. Thank you again!

@razmjumehdi9069 3 ай бұрын

Do you upload videos for 5 weeks on this KZfaq channel?

@ss-rc1gy 3 ай бұрын

awesome content , what about the DOM xss and stored xss?

@papafhill9126 3 ай бұрын

NahamSec probably wants people to find injection points first, that's the "foothold" so to speak. Then you escalate from there, so RXSS is a great first step to getting to escalation.

@ss-rc1gy 3 ай бұрын

Ya , that makes a lot of sense 😁

@Cyber_AR15 3 ай бұрын

Great video 👍🏽

@mr.bouttacheck6656 3 ай бұрын

Within the next 4 weeks ima get something on one of those targets 💪🏾

@MarkFoudy 3 ай бұрын

Thanks for the content, nahmsec!

@user-vs2fw4jz9f 3 ай бұрын

Thanks for the amazing content.

@askholia 3 ай бұрын

Great video!

@haanrey 3 ай бұрын

Lookingg fresh my byoyyyy !!!🤩

@ezekiel-my1pl 7 күн бұрын

well explained! thank you for this

@rctech1237 3 ай бұрын

I am feeling like a bug hunter now 😂😊

@musaharuna756 Ай бұрын

Well ur not lil bro

@b.i_khalil 3 ай бұрын

How do I login with an API key??

@Couple-Rounds 3 ай бұрын

Lots of Love 🇰🇪

@user-fp7fs9xl2t 3 ай бұрын

Great Content ...

@lol-hz9mc 3 ай бұрын

Thank you for the video sir!

@unmaskedsec 3 ай бұрын

You really gotta do this for other common vulnerabilities too we all love this kind of content

@fabiothebest89lu 3 ай бұрын

I learnt something new, thanks

@ankitjha883 3 ай бұрын

Ben is really good

@preciousjoyb 2 ай бұрын

Me, I am a Software QA and starting to learn Pentesting bug bounty

@newbiejember9854 3 ай бұрын

Great content 🎉

@MohamedMostafa-lm9qy 3 ай бұрын

Great video thx

@mgillanders 3 ай бұрын

Thank you

@gamerz9129 3 ай бұрын

i always get double quote filter " is there any technique to bypas the double quote filter ?

@amr9806 3 ай бұрын

Amazing 👏

@shubhamgupta-ji9nh 3 ай бұрын

at 9:48, instead of an application, there is api running in the background of the application and it has a parameter which is un-used in the api, is there any possibility of a XSS considering the request is in json?

@ucheugbomah2228 3 ай бұрын

all this you found means that this all vul?

@bertrandfossung1216 3 ай бұрын

Thank you for this awesome video. Little by little I’m grabbing these .

@thegyanshow812 3 ай бұрын

amazing🤠🤠

@alexparakan 3 ай бұрын

Does anybody here with ADHD who are super passionate about pentesting but struggling to start it?! 😢

@skyedunphy 3 ай бұрын

Thats so me

@bhavypatel1642 3 ай бұрын

Yes bro I am same here

@alexparakan 3 ай бұрын

@@skyedunphy I knew I wasn't alone. But the only way for us to survive this is we people with ADHD have to work together. Or we'll probably eventually become broke af. But the best thing about us is we can super skilled and hyperfocused in the IT field. Especially since we are good at finding things. Would be helpful if you have any suggestions for solving this problem. Because I'm just too tired of just wasting my time and saving videos like these to my watch later list.