just found you. veeerrry interesting channel. as someone who learns by watching a massive amount of poc videos on one topic, i like how you take the analysis deeper. finally a channel that doesnt have the redundant "how to hack" videos.
Thanks! I start off with reports from PentesterLand, then I add a Google webscrape from Hackerone and then I add a few more reports from my memory/Pocket/etc.
Is there any way to bypass = blacklisted? Svg runs fine even creates its structure in code base but script tag and = are blocked on a url I'm testing with.
Love your vids. The other day I was messing around with a page and found an html injection, I was wondering if there was a way to escalate it to an XSS if the "=" sign is sanitized and leads me to a 403 Forbidden. Thanks!
LOVE YOUR VIDEOS I know HTML. Currently learning JavaScript. Then I'll put my hand on portswigger labs starting from xss then idor then business logic bugs. *My Questions are:* should I watch your channel from oldest or newest or most popular? should I continue with the approach I wrote above?
I think XSS is actually quite a complex bug class to start with. I'd rather go with access control, IDORs, business logic etc. And yes, Portswigger lab is the resource to go. I think watch my channel from newest
just found you. veeerrry interesting channel. as someone who learns by watching a massive amount of poc videos on one topic, i like how you take the analysis deeper. finally a channel that doesnt have the redundant "how to hack" videos.
Fantastic video. Highly informative!
This video is Diamond. Awesome mate very well explained. Gonna signup with BBRE soon.
Great video! Do you compile the spreadsheet data manually during your research (13:30) or do you automate with some scripting/scraping?
Thanks!
I start off with reports from PentesterLand, then I add a Google webscrape from Hackerone and then I add a few more reports from my memory/Pocket/etc.
is one of the shortest xss payloads, maybe that's why they are use more often
good point!
Is there any way to bypass = blacklisted?
Svg runs fine even creates its structure in code base but script tag and = are blocked on a url I'm testing with.
@@anonymousx_x3842 are you sure you are URL-encoding the = in the URL? If yes, then I'm not aware of a bypass.
From my experience on the client i pentest img tag is better, 95% of the time svg doesnt work when img does
Maybe try a javascript:alert(1)
Love your vids. The other day I was messing around with a page and found an html injection, I was wondering if there was a way to escalate it to an XSS if the "=" sign is sanitized and leads me to a 403 Forbidden. Thanks!
Awesome analysis!!
LOVE YOUR VIDEOS
I know HTML. Currently learning JavaScript. Then I'll put my hand on portswigger labs starting from xss then idor then business logic bugs.
*My Questions are:*
should I watch your channel from oldest or newest or most popular?
should I continue with the approach I wrote above?
I think XSS is actually quite a complex bug class to start with. I'd rather go with access control, IDORs, business logic etc. And yes, Portswigger lab is the resource to go.
I think watch my channel from newest
Ten film zawiera lokowanie produktu :)
Ja nie zauważyłem🙄
This is Gold man 💥
Thanks for the video =)
Can you share the template...No need database
What platform will u suggest for leaning bug bounty?
I suggest to pick a program first and then the platform
Correct me if i am wrong. Can we get XSS on 404 pages.
Can You Share About the BB Automation !
Yes but I'd have to invite someone for that because I don't do any automation
@@BugBountyReportsExplained thanks, Waiting :)
Hello brother I am also doing bug bounty but not getting success
I love you bro ❤
is there step how to do for bug bounty each report ?
hm?
@@BugBountyReportsExplained Excuse me what do you mean? i mean when i subscribed is there what does i mean?
@@Al-rt3ec Bro he questioning your question, it doesn't make sense
Can you share the notion list
i guess it's available for premium bbre users
Exactly, the database is available in BBRE Premium
Not 'E'mg tag but 'I'mg tag 😶🌫
true, I was reading it more in polish than in english
😂 exactly i was too scratching my head for the payload which starts from Emg. later i followed his track
i love you bro 🥰😍🤑
Every website would be vulnerable since you are injecting the script into the console yourself. This is not valid
Would be interested in using this info as a ML training set
Can you help me
can you give this cheet sheet in pin comment
I linked it in the description ;)
Better to use than the quoted one
Good point actually