Видео

No need to study DSA. They won't ask. They will give vulnerable code snippets like below. You just need to identify vulnerabilities based on the code. github.com/yeswehack/vulnerable-code-snippets The above one is an example of vulnerable code snippets which are available in github.

@@DevSecHacker ok thanks for the resources, and if they ask us to complete incomplete code then it would be a basic code like the one you gave on GitHub right?

In general they won't ask us to complete the incomplete code. Since they will only check the understanding levels of code and how we are able to identify the vulnerabilities in it. Secure code review capabilities they will check since we need to do secure code review as a one of the responsibility in day to day work.

Thanks for the comment. I will change the voice setting next time

Sure. Thanks

Thanks

Ok

@@DevSecHacker Please give more details on my question.

Thanks, will do!

Absolutely yes.

Nope

Thanks for subscribing! And please do like also, so that it can recommend to more people who want to know.

@@DevSecHacker can u share use more about account takeover bug throw id parameter Sqli in id parameter

Sure. Let me add that into my upcoming list

Thank you. Then do support by subscribing.

github.com/RajuGanapathiraju/VulnerableLabs/blob/main/ssrf_bypass.js

Thanks 🤗

I will. Please do like and subscribe

This video is intended to show SSTI detection method and exploitation (SSTI to RCE). If you are interested to know more, I will make a part 02 video on it.

@@DevSecHacker Thanks bro make interesting tutorials on topics like these such as Deeply understanding all types SQL injections on live target in simple Url, Hackbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube polices. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of shells in different ways to get reverse shell. Command injections in new ways by bypassing restrictions of Clouflare and getting reverse connections. These are very important topics of cybersecurity and interesting for everyone who are interested in cybersecurity/hacking/pentesing. These were my bonus tips 😉 for your next tutorials. People are mostly interested in these topics even I am too...i believe you will bring and present such all tutorials in nice way and new ways...Keep growing 💗 thank you❣️❣️❣️

@DevSecHacker Thanks bro make interesting tutorials like these such as deeply understanding all types sql injecti*ns on target in url, h*ckbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube polices. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of she*lls in different ways to get r*verse sh*ll. C*mmand injections in new ways by byp*ssing restrictions of Cloudflare and getting r*verse connection. These were my bonus tips for you to upload such interesting topics because people are mostly interested in these topics and even I am too...I hope you will upload such nice contents thank you...

Yes. You can call it as a form of javascript injection since malicious script will inject in the web pages. According to owasp top 10 - 2021 even XSS also categorized in injection part. for reference owasp.org/Top10/A03_2021-Injection/

Sure 😊

you are welcome.

Thanks

Thanks and please do support by subscribing to my channel for more videos like these.

Thank you. Then please do support by clicking the subscribe button 🙂

Thank you. It pays off all the time that I spent.

Thanks

It is not illegal but buying illegal products and watching illegal content in the dark web is punishable offense.

In this bypass no need to change company settings, just bind two ip addresses(one is not restricted ip address like google ip and other is restricted ip address like localhost) for the same domain and pass the domain as a user input. For binding two ips to same domain you can use the dns rebinder service that i shown in the video.

@@DevSecHacker ok thanks 🙏

How u able to find bugs with this

Thank you. Do subscribe and you will get more content.

We can do that as well. But I didn't do it in the video.

You can directly use it on the web by login either using github or gmail account. Visit whiterabbitneo.com as shown in video

Thank you 🙌

If there is an SSRF issue and if target is restricted to do internal ip scanning then you can use dns rebinding to bypass the restrictions. Even if they restricted aws metadata ip address also you can bypass it using dns rebinding.

@@DevSecHacker nuclei shows dns rebinding and the severity was high but I didn’t find ssrf yet.

What template did you used for this?

Good to hear. It gives me a kick.

Thanks dude for regularly following my videos.

we need to implement proper synchronization mechanisms to ensure the correct and secure execution of code in multi-threaded or concurrent environments. For achieving it 1. we need to implement atomic operations designed to be executed as a single, uninterruptible unit, preventing race conditions. 2. locking mechanisms which Locks ensure that only one thread can access a shared resource at a time. In our case, findOneAndUpdate mongo query will help to prevent this. refer this for detailed understanding medium.com/@codersauthority/handling-race-conditions-and-concurrent-resource-updates-in-node-and-mongodb-by-performing-atomic-9f1a902bd5fa

You're welcome 😊