$16k Stealing secrets.yaml from GitLab using stored XSS - Hackerone bug bounty

Поделиться
HTML-код
  • Опубликовано: 21 авг 2024

Комментарии • 27

  • @BugBountyReportsExplained
    @BugBountyReportsExplained  2 года назад +4

    Hi! Welcome to the comment section. I hope you enjoyed the video. If you did, make sure to like it and leave a subscription!

  • @seifelsallamy620
    @seifelsallamy620 2 года назад +2

    A bypass after a bypass after a bypass after a bypass then an explosion. And each one of them is crazy on its own. That's one from the most interesting videos I have seen I will go to follow this awesome reporter.

  • @ahmadshami5847
    @ahmadshami5847 2 года назад +4

    man what a bug 😂, even keeping up with all the techniques used is a hustle. keep up the great work 👌

  • @simonkoeck
    @simonkoeck 2 года назад +3

    great vid! keep up your good work

  • @000t9
    @000t9 2 года назад +1

    Love your videos! Keep going!

  • @plasticgut
    @plasticgut 2 года назад +1

    This bug is beautiful... beautifully creative.

  • @digitzero3613
    @digitzero3613 2 года назад

    Thank you so much mate, I have been watching your videos just after I found your channel randomly (thanks to youtube). And this man must be a genius!

  • @auag666
    @auag666 2 года назад +1

    Instant sub! Please make more:D

  • @b-48_ajaypandit64
    @b-48_ajaypandit64 2 года назад

    Love you Sir

  • @_bergee_
    @_bergee_ Год назад

    🤯

  • @98paiseh31
    @98paiseh31 2 года назад

    👏

  • @hdphoenix29
    @hdphoenix29 2 года назад

    Wish my report be qualified to be in this channel someday

  • @airsky21
    @airsky21 2 года назад

    Hello, I tried to reproduce it. Although the data-original attribute can be constructed successfully, it seems that the script tag cannot be rendered. I want to know which version is the problem? The version I use is v13.12.1-ee

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  2 года назад

      In the report we can see that the hunter used 13.12.1-ee so it's vulnerable. It was fixed in 14.2.2, 14.1.4 and 14.0.9

  • @puyatecla9903
    @puyatecla9903 2 года назад

    I want to report a bug in your video 😔 the video is cut in half, I can't see the whole thing just halves of the pictures and links I guess it must be a client-side thing

  • @jayden-kadzempire757
    @jayden-kadzempire757 2 года назад

    Hey could you make a video about Vimeo ssrf upload function

Следующие
Автовоспроизведение
Which XSS payloads get the biggest bounties? - Case study of 174 reports28:40Which XSS payloads get the biggest bounties? - Case study of 174 reports
Which XSS payloads get the biggest bounties? - Case study of 174 reportsBug Bounty Reports Explained
Просмотров 26 тыс.
$2,500 Leaking parts of private Hackerone reports - timeless cross-site leaks10:14$2,500 Leaking parts of private Hackerone reports - timeless cross-site leaks
$2,500 Leaking parts of private Hackerone reports - timeless cross-site leaksBug Bounty Reports Explained
Просмотров 4,8 тыс.
The Motivational Advice You Never Asked For (Bug Bounty Style)3:36The Motivational Advice You Never Asked For (Bug Bounty Style)
The Motivational Advice You Never Asked For (Bug Bounty Style)Hacksplained
Просмотров 2,5 тыс.
AI Simulates Civilization in Minecraft27:36AI Simulates Civilization in Minecraft
AI Simulates Civilization in MinecraftWifies
Просмотров 896 тыс.
Taylor Swift - I Can Do It With A Broken Heart (Official Video)03:43Taylor Swift - I Can Do It With A Broken Heart (Official Video)
Taylor Swift - I Can Do It With A Broken Heart (Official Video)Taylor Swift
Просмотров 8 млн
Kyle Richh - UNFADEABLE / BOA04:06Kyle Richh - UNFADEABLE / BOA
Kyle Richh - UNFADEABLE / BOAKyle Richh
Просмотров 245 тыс.
Georgina y yo te contamos de qué trata #UR Cristiano03:24Georgina y yo te contamos de qué trata #UR Cristiano
Georgina y yo te contamos de qué trata #UR CristianoUR · Cristiano
Просмотров 6 млн
$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained11:12$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained
$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports ExplainedBug Bounty Reports Explained
Просмотров 14 тыс.
This is my coolest bug bounty report (SSRF ➡ Phishing)10:05This is my coolest bug bounty report (SSRF ➡ Phishing)
This is my coolest bug bounty report (SSRF ➡ Phishing)Bug Bounty Reports Explained
Просмотров 8 тыс.
Gitlab DELETING Production Databases | Prime Reacts17:27Gitlab DELETING Production Databases | Prime Reacts
Gitlab DELETING Production Databases | Prime ReactsThePrimeTime
Просмотров 323 тыс.
I forced EVERYONE to use Linux22:59I forced EVERYONE to use Linux
I forced EVERYONE to use LinuxNetworkChuck
Просмотров 406 тыс.
The Beginner's Guide to Blind XSS (Cross-Site Scripting)21:21The Beginner's Guide to Blind XSS (Cross-Site Scripting)
The Beginner's Guide to Blind XSS (Cross-Site Scripting)NahamSec
Просмотров 37 тыс.
7 Essential Command Line Tools (2022)9:127 Essential Command Line Tools (2022)
7 Essential Command Line Tools (2022)Tech Craft
Просмотров 208 тыс.
$XX,000 Airbnb impossible XSS with 4 bypasses9:15$XX,000 Airbnb impossible XSS with 4 bypasses
$XX,000 Airbnb impossible XSS with 4 bypassesBug Bounty Reports Explained
Просмотров 28 тыс.
Very creative way to turn Prototype Pollution into RCE in kibana - Bug Bounty Reports Explained6:58Very creative way to turn Prototype Pollution into RCE in kibana - Bug Bounty Reports Explained
Very creative way to turn Prototype Pollution into RCE in kibana - Bug Bounty Reports ExplainedBug Bounty Reports Explained
Просмотров 6 тыс.
How to not get hacked: real example13:55How to not get hacked: real example
How to not get hacked: real exampleThe PC Security Channel
Просмотров 407 тыс.
Светофорная болезнь на моторе G4FG 1.6 (KIA Ceed)23:47Светофорная болезнь на моторе G4FG 1.6 (KIA Ceed)
Светофорная болезнь на моторе G4FG 1.6 (KIA Ceed)KPOWERtuning
Просмотров 75 тыс.
РЕАКЦИЯ ИНОСТРАНЦЕВ на БАЯНИСТА из РОССИИ в ЧАТ РУЛЕТКЕ | Новый сезон16:08РЕАКЦИЯ ИНОСТРАНЦЕВ на БАЯНИСТА из РОССИИ в ЧАТ РУЛЕТКЕ | Новый сезон
РЕАКЦИЯ ИНОСТРАНЦЕВ на БАЯНИСТА из РОССИИ в ЧАТ РУЛЕТКЕ | Новый сезонХижина Музыканта
Просмотров 159 тыс.
Цены в ЕВРОПЕ: авто, iPhone, еда, бензин, кроссовки!45:50Цены в ЕВРОПЕ: авто, iPhone, еда, бензин, кроссовки!
Цены в ЕВРОПЕ: авто, iPhone, еда, бензин, кроссовки!808
Просмотров 172 тыс.
Коля Киргиз жив?! Новое видео из Санкт-Петербурга шокирует криминальный мир!01:00Коля Киргиз жив?! Новое видео из Санкт-Петербурга шокирует криминальный мир!
Коля Киргиз жив?! Новое видео из Санкт-Петербурга шокирует криминальный мир!CrimeTimeRU
Просмотров 44 тыс.
Арестович оценил ответ России на Курскую операцию ЗСУ: Кремль не остановит наступление на Покровск06:11Арестович оценил ответ России на Курскую операцию ЗСУ: Кремль не остановит наступление на Покровск
Арестович оценил ответ России на Курскую операцию ЗСУ: Кремль не остановит наступление на ПокровскYuriy Romanenko
Просмотров 118 тыс.
PEDRO PEDRO INSIDEOUT00:10PEDRO PEDRO INSIDEOUT
PEDRO PEDRO INSIDEOUTMOOMOO STUDIO [무무 스튜디오]
Просмотров 2,1 млн
Мама приболела😂@kak__oska00:16Мама приболела😂@kak__oska
Мама приболела😂@kak__oskaМишАня
Просмотров 290 тыс.
The kindhearted bunny officer helps the disabled!00:20The kindhearted bunny officer helps the disabled!
The kindhearted bunny officer helps the disabled!超人夫妇
Просмотров 2,6 млн