Di, I thought Web Cache poisning is So hard to understand because It is a P1 Vulnerability and P1 are difficult to learn but You Made My Day Today, Thanksssssss a Lot Farah Di! ❤️
Awesome! Just to add a bit more to it: Whether a page should be cached or not, also depends on a response header Vary. Do check that out to know exactly what is being used to cache the pages of the website. (Cookies, Accept-Encoding, Extensions etc.).
hey farah your video is really helpful even though i've already been 3 years in bug bounty community, i still find your videos very helpful especially the most basics one i tend to forget it , do you plan creating your udemy tutorials soon?
Hello Madam we all like your way of teaching. We are requesting please make a video on the bugcrowed bug bounty where we get how to choose program , initial steps to any bug bounty and how to perform and which tools are used and os is useful for bug bounty and most important report writing for anyone of program in bugcrowed. Waiting for your reply. Thank you.
Hi! I'd like your opinion on the platform INE Training, I don't know if it's worth it. Have you used it? Have you known anybody who has? They're quite expensive. Cheers mate!
It doesn't work for me when I replicate the lab, I inserted the config code given, it did cache when I change pass to hash for php file but when I try to insert the extension of css or other extensions, it just gave me 404 error, any idea where i went wrong? Everything seemed to work except trying to get it to cache the extension
Condition 1: return profile.php when profile.php/nonexistent.css is requested -- this looks like a software/framework specific vulnerability. Is this really a valid, unpatched attack vector today (I'll be surprised)?
The condition itself isn’t something exploitable. It’s the cache config + this quirk which makes it dangerous. So it’s not an “attack vector” that needs to be fixed. You can install the latest version of php and try it yourself by hosting your own web app.
Hey, I had a doubt. Even if this info is getting stored in the browser, it is still the user's browser. How can hackers access the browser cache of the user on another laptop/pc.
So happy to hear this... congratulations!! 🥳 Which program was it? And no, I don’t have anything set up for donations right now but I really appreciate the thought :)
@@FarahHawa i have kids and all day i hear music like this on tv hehe no offense but i really cant hear you when you speak and im very interested to see what i missed and what i dont know. Thanks again!
Your way of explaining things with an example using labs is amazing........
This video proves that a single video is enough to understand the concept. Great Work.😀
Your method of teaching is really helpful for beginners like me
Di, I thought Web Cache poisning is So hard to understand because It is a P1 Vulnerability and P1 are difficult to learn but You Made My Day Today, Thanksssssss a Lot Farah Di!
❤️
Awesome!
Just to add a bit more to it:
Whether a page should be cached or not, also depends on a response header Vary. Do check that out to know exactly what is being used to cache the pages of the website. (Cookies, Accept-Encoding, Extensions etc.).
This doesn’t really matter for this attack but thank you for the info! :)
They don't matter for this particular attack. They are important for other cache-related attacks though.
Just wow learned many things from your video
Its amazing teaching stayle. Thank you Ma'am.
Your explanation is so good please continued for other topics
Content getting better and better 👍👍👌👌
Love your videos . Please make practical video on idor bug .
you've included some good resources in the description. It's amazing :)
Well Explanied! Thank you
All the basic relevant info and technical explanations in
wonderful farah
Thanks!
Demos were awesome...
Mo Farah and Farah are my favorite 🥳
Good Thanks!
The procedure Of Decode is very interesting
hey farah your video is really helpful even though i've already been 3 years in bug bounty community, i still find your videos very helpful especially the most basics one i tend to forget it , do you plan creating your udemy tutorials soon?
Great Content Farah ! Keep it up !
Hello Madam we all like your way of teaching. We are requesting please make a video on the bugcrowed bug bounty where we get how to choose program , initial steps to any bug bounty and how to perform and which tools are used and os is useful for bug bounty and most important report writing for anyone of program in bugcrowed.
Waiting for your reply.
Thank you.
Great explanation👍
You are a rockstar
Really well explained and very helpful. Thanks!
amazing work , keep it up !
Super useful information thanks for sharing
Thank you Farah
Excellent. You have yourself another subscriber :)
Nice Explanation farah.
Thank you!
Great video thank you, and the lab is very nice :D
Thank you! It took 2 days to figure out all the configurations 😅
Great content as always✌🏻
Thank you! :)
Excellent 👌 videos
thanks farah so much for amazing content
Thank you for watching ☺️
Good work!well explained.
Hi! I'd like your opinion on the platform INE Training, I don't know if it's worth it. Have you used it? Have you known anybody who has? They're quite expensive. Cheers mate!
Very well explained
Nice video, Farah
Hey farah,
If I want to learn from the very start do you teach online ?
No, I don’t
Thanks for the video good work 😎🔥👍
goood farah
awesome explanation. thanks!
dhyanwaad...😊
It doesn't work for me when I replicate the lab, I inserted the config code given, it did cache when I change pass to hash for php file but when I try to insert the extension of css or other extensions, it just gave me 404 error, any idea where i went wrong? Everything seemed to work except trying to get it to cache the extension
Great explanation keep it up 😇
Thank you!
Thank you so much mam.
Thanks farahh great content ! I tried to setup a lab. I used your default.vcl conf but my profile.php/test.css is not cached :(
Awesome
@Farah Hawa. can you make a video on Reflected file download
Wow
Farah mam, awesome content 🔥 thanks for this
Thank you for watching! Glad you liked it☺️
Learned something new ;)
Nice vedio 👏
love you
Informative...
Glad you found it helpful!
Hi Farah !!
Which is the best bug for very beginers to search on live websites for bounties
I hope you help for noobies "_"
Condition 1: return profile.php when profile.php/nonexistent.css is requested -- this looks like a software/framework specific vulnerability. Is this really a valid, unpatched attack vector today (I'll be surprised)?
The condition itself isn’t something exploitable. It’s the cache config + this quirk which makes it dangerous. So it’s not an “attack vector” that needs to be fixed. You can install the latest version of php and try it yourself by hosting your own web app.
I am your new subscriber
Nice video
Please make a video on aws Pentesting. It's my earnest request to you🙏🙏🙏
Hey, I had a doubt. Even if this info is getting stored in the browser, it is still the user's browser. How can hackers access the browser cache of the user on another laptop/pc.
This is the varnish cache we’re talking about, not the user’s browser cache :) Check the h1 reports in the description, you’ll understand the impact!
Eu estar apaixonado ❤️❤️❤️
Really good 👍 👍👍
Hey, can I ask what is the window you opened @5:07
I’m not sure what you’re referring to but the repeater tab of Burp Suite is open at that second.
@@FarahHawa yeah. Thank you. I just wanted to know that. Thanks!!
💯
Its been a month. Are u still gonna upload in the future?
Yes, working on the next one right now. Thanks for being patient 🥺🥺 really appreciate it
@@FarahHawa Take your time to make a great Content!! Faraah
Thank you Farah for your videos. Watching this video made me $750 (P2) from a public bug bounty program. Do you accept donations?
So happy to hear this... congratulations!! 🥳 Which program was it?
And no, I don’t have anything set up for donations right now but I really appreciate the thought :)
Why is the link to a non-existing.css file returns the html content? Does it ever happen? What is the root cause?
It’s a quirk that exists in PHP among other languages. You can try it yourself by setting up a basic website in PHP!
Make more video in week
MA'AM I wanted some tips on starting a career.. So i contacted you in Instagram and Twitter. plzz ma'am reply me
Hi
Sweeeet
ok again, great content but if you keep putting this Peppa pig music i will not watch ur videos. please dont put music in your videos!
Peppa pig 😂🤣🤣🤣
Ok I’ll try
Pls don’t stop watching 🙏🏻😄
@@FarahHawa i have kids and all day i hear music like this on tv hehe no offense but i really cant hear you when you speak and im very interested to see what i missed and what i dont know. Thanks again!
Yo
yoo
Can i try this on hackerone and other platforms ???