- 44 videos
- 306,952 views
𝙇𝙤𝙨𝙩𝙨𝙚𝙘
India
Added 14 Nov 2022
....//....//....//𝘽𝙪𝙜 𝙗𝙤𝙪𝙣𝙩𝙮 𝙥𝙤𝙘
Join me on my journey to uncover vulnerabilities and weaknesses in web applications. In this channel, I'll be sharing my bug hunting adventures, PoCs, and tutorials on how to identify and exploit bugs, from beginner-friendly tutorials to advanced vulnerability PoCs. Let's hunt some bugs together, secure the program and earn $Bounties!
POC for CVE-2024-34102 Magento / Adobe Commerce | Bug bounty poc
In this video I am going to show you the latest CVE for an Adobe Commerce vulnerability that will help you get bounties in bug bounty programs. The motive of the video is to report this bug after finding it so they can secure their websites. If anyone from the YouTube team is watching this, please don't restrict this video; it takes so much time and effort to make such a video so people can learn and earn from it after reporting. Thank you.
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing & bug hunting so that we can protect ourselves against the real hackers..
Views: 4,691
Videos
This FFUF secret trick everybody need to know | Bug hunting poc
6K views, 14 days ago
Reflected xss that made 500$ Bounty | Bug bounty poc
6K views, 21 days ago
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js
4K views, 21 days ago
Bypassing Cloudflare WAF's XSS Protection: A Bug Bounty Hunter's Perspective
4.6K views, 1 month ago
Disclaimer: This video is for strictly educational and informational purposes only. I own all equipment used for this demonstration, and it is not intended to be used for malicious purposes. Hacking without permission is illegal, so always ensure you have proper authorization from the system or network owners before using security tools or attempting to exploit vulnerabilities.
Latest Check point:CVE-2024-24919 | Bug bounty poc
6K views, 1 month ago
Bypassing Akamai WAF's XSS Protection: A Bug Bounty Hunter's Perspective
3.6K views, 1 month ago
How to approach a target in Bug bounty programs Extended part 2 | Bug hunting live
14K views, 1 month ago
Disclaimer: This video is for strictly educational and informational purpose only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. thanks.
SSRF Bypass by DNS Rebinding | Bug bounty poc
9K views, 3 months ago
Disclaimer: This video is for strictly educational and informational purpose only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. Thanks. In this video I am going to show you a new SSRF technique that helps you in bug bounty hunting. This technique is called dn...
Easy Html/XSS/IFrame injection worth 500$ | Bug bounty poc
7K views, 3 months ago
In this video I am going to show you how to find HTML injection, XSS and iframe injection in a website. If you find these vulnerabilities you can report them to the bounty program, secure their site and earn a bounty. This is only for education purposes. If anyone from the YouTube review team is watching this, please don't restrict this video; it takes time to find such vulnerabilities and teach everyone how to find them. Thank you. Disclaim...
LFI aka Directory traversal mass hunting | Bug bounty poc
9K views, 3 months ago
In this video I am going to show you all how to hunt for local file inclusion (LFI) and directory traversal vulnerabilities in bug bounty programs so you can secure their websites and earn bounties. If anyone from the YouTube review team is watching this, please don't restrict this video, because this helps new people who are doing bug hunting. This is only for education purposes. Disclaimer: This video...
Android Firebase Database takeover vulnerability | Bug bounty poc
4.3K views, 3 months ago
In this video I am going to show you how to find a vulnerability in an Android Firebase database. This is only for education, so that everyone can hunt for this vulnerability, report it to the bounty program and secure their websites. If anyone from the YouTube review team is watching this, please don't restrict this video; it takes time to find this vulnerability and teach everyone... Disclaimer: This video is for ...
How to approach a target in Bug bounty programs | Bug hunting live
24K views, 3 months ago
In this video I am going to show you how to recon a target in depth and find bugs in bounty programs. This video will help all the hunters who are new in this field and don't know how to approach a target, hunt and find bugs. I hope YouTube doesn't take down this video, because it takes so much time and effort to make this. If anyone from the YouTube review team is watching, please don't restrict this video....
CORS Vulnerability mass hunting on Dell Bounty program worth 500$ | Bug bounty poc
22K views, 4 months ago
Easy way to Find Blind Stored XSS | Bug bounty poc
12K views, 4 months ago
OpenRedirect vulnerability Mass Hunting | Bug bounty poc
15K views, 4 months ago
This Time Based Blind SQL Injection and XSS worth 5000$ Bounty | Bug bounty poc
20K views, 4 months ago
Microsoft IIS Server mass Hunting | Bug bounty poc
30K views, 4 months ago
Earn 500$ Easily by Escalating Html Injection to SSRF | Bug bounty poc
21K views, 4 months ago
How to Trigger XSS in Email login field | Bug bounty poc
3.3K views, 5 months ago
Find stored xss via svg file upload | Bug bounty poc
2.6K views, 5 months ago
Easy way to Find SSRF manually+Automation | Bug bounty poc
13K views, 5 months ago
HackerSploit Origin IP Exposed WAF Bypass
2.9K views, 7 months ago
Directory listing leads to access of /etc/shadow file | Information disclosure
1.4K views, 7 months ago
CORS Vulnerability in Facebook | Bug bounty poc
3.1K views, 7 months ago
OTP Leakage via Inspect Element | Authentication Bypass
4.5K views, 8 months ago
Cors misconfiguration | leads to sensitive information | Bug bounty poc
2.2K views, 8 months ago
How to Find XmlRpc Vulnerability and Exploit it ! | Bug bounty poc
2.3K views, 8 months ago
Bypassing 403 Forbidden Errors with Burp Suite & Extension | 403 bypasser
14K views, 8 months ago
Why you disappeared
You are the best, Friend.
🤗❤️
Nasa paid you?
no, it's vdp
no way, are you ethersec?, because i am too :)
Bro I'd like to talk to you but I don't know how to get around your telegram bot, is there another way that I could talk with you?
just msg anything, it comes to me there
When will you update the Netflix accounts again, bro?
what
Exactly what was needed from the usual scamming crap from so called top tier influencers and free love to see a full edition from start to finish with all the pitfalls you encountered
❤️
What tag do you use for xss? Because it does not work for me
there are many tags, try it..
For nuclei xss
👍🏻
hey man, could you upload some of your templates for nuclei? greetings from brazil.
sure uploading soon..
@lostsecc thank you bro!
If the website is publicly available and it's vulnerable to CORS, then what is the impact?
no impact on publicly accessible endpoint; for cors you need sensitive private endpoint
@lostsecc exactly. But the way you showed is only for public endpoints right?
Can i get your nuclei template ?
will share soon..
my bro you are true definition of "HACKER"
thnq bro ❤️🤗
Brother can I get nuclei template please❤
i upload soon
Brother can I get it nuclei template please❤
Love u Brother ❤❤❤❤❤❤
what did you use for the linux terminal in windows
kali wsl
@lostsecc thanks dawg
I want to point out something, when you started putting the URLs in the burpsuite extension on some of them you added a space, that is the reason why many of them return invalid host name. you can clearly see that on the ones that don't have a space at the end the scan started normally, unlike the ones with the added space.
yeah i know bro, i noticed after making video ❤️
If shodan extension shows a website is vulnerable to some old CVEs, for example for old jquery versions, but when I examine the website, it has no jquery files even. Does that mean shodan data is wrong or old?
these results are not accurate
Can you provide free alternatives for those who don't have burp pro?
use caido
@lostsecc does it have 403 bypasser? I meant free tools for 403bypass
So is this Wsl with Kali?
yes
What this is called?
Is it html injection?
html xss
Are the program vdp
I'm waiting on demonstration of web defacement
bud which tool is best to automate ssrf in my target param lists
ssrfmap
Awesome video bro! Keen to understand how you got the first command when piped to acknowledge | gf lfi | urldedupe I have waybackurls working but i am not sure how to get gf to see the lfi payload
you need to install gf and its pattern, i shared in telegram
name of extension that give you paths ?
link gopher
Mate, I have been watching your videos for a while now, and I feel like everything you show is applicable straight away. Thanks for such great content
❤️🤗
Hey, Mate. How did you install URLdedupe on Windows 11???
just paste binary in /usr/local/bin
i need the payload : )
i shared in telegram must check
Bro how are you getting command suggestion in wsl
you need to install autosuggestion and auto syntax highlighter, try it www.google.com/amp/s/blog.tericcabrel.com/setup-zsh-autosuggestion-and-syntax-highlight-on-ubuntu-server/amp/
pls provide the console command to download the results (pls I beg you)
shodan will patch immediately if i publish
Example of little key thing: I don’t like to run w11 bare metal because it has black/blue screened on me too many times in the past. So: I like to run everything from a VM so that I can make an updated clone each week. I noticed there is a lot of WSL happening now. If you running w11 as a VM, you’re not gonna get WSL Kali running/working on w11 in any VM software that I know of. If you run w10 in parallels on Mac i9 you can get wsl Kali running if you try 2 or 3 times. Other than that: specifically wsl2 Kali in a w11 VM? Nope.
Hi all: sometimes an easy quick way to learn is an opinion question comparison: Tell me: what is your favorite scanner (amass, dirsearch, aquatone)? Why/why not? What is your favorite proxy (burp, mtmproxy, Caido, zap) why/why not? The idea with question like this: when everyone responds they will probably mention some little key thing that others didn’t know. Hell: what is your favorite platform (hackerone, bugcrowd, intigriti, Immunefi) why/why not?
You are a true legend brother! God bless you
thnq brother ☺️❤️
Just awesome 👌 🎉
thnq bro ❤️
can we report this as a vulnerability in bug bounty program? if possible, what is the vulnerability name
microsoft iis tilde
what is the extension to extract that domain
link gopher
Bro can you share your terminal theme settings
just install ohmyposh themes
❤❤🎉great contents
thnq bro ❤️
Bro could you share that xss payload cheat sheet please
i shared in telegram channel bro
is running kali or any linux distro on wsl better than a VM ? I see you use it alot
i use wsl kali
@lostsecc if you can make a video for your configuration on WSL would be awesome
i need to delete all this for that, ok i will try on old laptop after delete
@lostsecc maybe do a writeup instead of video that would be efficient too
how do we report it??
use hunter io extension and fetch email address of their support mail and report them
Long live, lion boy
Can u send payload files
check telegram
Cve-2022-2068 create this vuln video plz..
Great Video.
thnq bro ❤️
Great work 🎉🎉🎉🎉🎉🎉❤❤❤❤❤❤
❤️🤗
Thanks man
❤️
I want word list lfi
check telegram
Pro, I searched your telegram and found it, but searching on xss payloads I did not see it
How to contact you if I want to talk to you or ask something???
telegram
@lostsecc okay But your Telegram group is already a group, how can I chat with you there?
just msg me in bot link in description of that channel
@lostsecc okay
@lostsecc By the way, you understand Hindi things.????