Это видео недоступно.
Сожалеем об этом.
Easy way to Find Blind Stored XSS | Bug bounty poc
HTML-код
- Опубликовано: 8 мар 2024
- Disclaimer: This video is for strictly educational and informational purpose only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. thanks.
![Mary J. Blige - Breathing (feat. Fabolous) [Official Video]](http://i.ytimg.com/vi/snMHObq-6E0/mqdefault.jpg)
the only channlle on youtube that actually shows real pentesting. Good music choice.
thnq so much its means a lot for me ❤️☺️
Can I speak with you in private @@lostsecc
telegram join @lostsec
Great job bro, I love seeing real pentesting!
❤️😇
Most valueable content i found on RUclips ❤❤
nicee to hear this ❤️😇
Your channel rising 👏 its all because of your talents and hard work.
thnq so much brother good to see this type of reply ❤️😇
@@lostsecc yeah keep going bro! I am proud of you
❤️
Lostsec l consider you my diamond mine. God bless you my guy.....LOVE from ZIMBABWE ❤
my pleasure brother ☺️❤️😇Love you ❤️
You deserve An Huge Subs!
I’m Gonna wait for the Bug hunting Tutorials!!👌🏻👌🏻🐦🔥
sure all thing comming...❤️😇
Truly appreciate you ❤️🙏🏻
my pleasure ❤️😇
Nice tutorial and very helpful ❤
❤️😇
the best content ever made I learned a lot of tools
Can you please talk and teach us step by step in you upcoming vids ?
sure next video will be lit af ❤️
Hey Bro! What could be the weakness of this site. Is this site not doing proper Sanitisation? Or are there other causes?
yes input field not sanitize properly
i didnt understand the role of the first tool why u didnt directly jump to the second step (injecting the script directly), thank u so much for the content brother u r amazing
bcz i want to show cookie and more sruffs so i put that in end ❤️
@@lostsecc aahh okey thenk u so much im watching ur videos right now hahahh
Love the tools you share!
❤️
جزاك الله خير على الفيديو
وننتظر منك المزيد
thnq so much ❤️ sure i will make
ما فهمت واش قاعد يسوي ممكن تشرح لي و رمضانك مبارك
Great keep going
The community needs people like u
my pleasure brother 😇❤️
Bro how do you only have 7k subs. Ur awsome
my 7k is like my 1million ❤️😇all are like brotherss
Thanks for the "hacked by" html, imma slightly edit it and use for myself :)
❤️
I cannot run kali linux on virtualbox please can you tell me how did you do pentests with windows environment ?
just install wsl2 kali
Bro finishing portswigger labs and watching your video is enough for bug bounty hunting
😇❤️ some amzing content comming soon bro
@@lostsecc thanks bro u are creating a success in my life
No. 1 understand coding how websites work, learn basics(JavaScript) @@akashpokemonhunter7502
3:45 HHAHAHAHAHA LMAO I LOVE THAT
☺️❤️
Bro i know your focusing on the beginners perspective, but i would love to see your way of thinking going through the harder and more complex topics like saml, and oauth, ssti and meta and tags there is no proper structural info on the web about meta tag vulnerabilities and s, and the video was cool, THANKS. I would also love share some of my work on your channel if youre willing, let me know..peace
yeah i know all attacks my fav one is crlf so all will be comming soon..😉❤️
Hey bro you have great videos! Can you please tell me how long have you been doing this? I started 2 months ago learning javascript first.
just focus on owsp top10 and just learn little bit programming not neccesryy it take your so much time so better to focus on bugs..and do little bit programing in free time..
@@lostsecc that you so much for advice! Your channel is unique!
Hey bro I’ve been watching you for a week and your so good but i have a question im new to all these things i dont know coding nor bug bounty could you please tell me where to start thank you
start from portswigger labs
Can I have the xss code, please? 😭🙏🏻🙏🏻
dm me in telegram t.me/lostsec
nice find but what's the impact looks like self xss
chain it with csrf
How do you find vulnerable sites
dork & bounty program
@@lostseccthat first part may mean attacking websites that don't want u to attack them lmao
@@Noctuu we are good guy we report them
Hey, i wanna start learning about bug hunting. Where do i start from?
learn from portswigger and solve labs..
May I ask for an explanation how or what happened when the page changed at 3:45?
its injection same like xss but its framed in website interface..
@@lostsecc Thanks a lot, I do hope you post more a lot of this.
sure ❤️
Could you teach me? Ive been getting so frustrated with trying to find bugs.
just join my telegram channel that will help you t.me/lostsec
I'm completed ethical hacking course but, don't have bug bounty knowledge. how to learn basic concepts and starting easy way to find bugs? Where? When? How do you learn bug bounty
just dm me in telegram.i will share premium.course free @lostsec
@@lostsecc can you give your telegram I'd name?
good luck bro 😊
thnq bro ❤️☺️
@@lostsecc 😊
You know something which we don't know...how do u find new targets ?
dork or just pick randomly
What impact this blind xss?? Same issue closed at N/A in hackerone
its stored xss bruhhh they can pay you high bounty if you find it 🧐
@@lostsecc here you can find your own cookie via blind xss, whats the impact here??
you can inject cookie stealing script in your payload and when victim click on your profile pic there cookie will be stolen and send to your hosted server..
Bro tell me the name of tool that your using
there are many i shared in my github repo
Give me the link bro
Thanks for providing such a great content. I have a question that you have uploaded a script from the notes into the username , i tried to find it in the local storage but did not get that. Can you explain about that script or where we can find them?
thank you ❤️just msg me in telegram i will send @lostsec
@@lostsecc telegram?
but isn't this a self xss? how are you going to deliver it to victims ?
chain with ssrf
@@lostsecc how? you didn't show in the video at all
Bri i've been watching your videos from a long time now... And u might as well know me....
I've been doing all i could...
Its just that at last, something lags behind and im not able to find vulnerabilities... Can u help me personally??? 😢
sure just msg me in telegram
@@lostsecc hii, I need help too. I tried to join your telegram channel but was unable to.
t.me/lostsec
Amazing brooooooo..❤❤
thnq bro ❤️
Man you are good
thnq brother ❤️😇
Thank you so much bro
welcome brother ❤️😇
@@lostsecc please don't give up just because youtube rules bro, you can just make another account and we always follow you😁🙏 u r the best
this is the reason that i dont want to give up bcz i finds brother like you all☺️😇
@@lostsecc don't give up
You on hackerone?
both are self attackes...
chain with csrf
dude can you share all the sites you use for testing?
join telegram channel i share there all @lostsec
@@lostsecc i already joined it ... can you do a post with all of them at once and link it here?
Hey bro can you pls give me payload that you used in the end
join my telegram channel t.me/lostsec
@@lostsecc I have already joined many weeks ago but I couldn't find there 😕
Who can I install those tools
i will share all tool in telegram channel @lostsec
But bro pngtree don't have bug bounty program how you report bug and got 1000$ , please tell
i said its worth 1000$ just find it on bounty program and earn
did you actually make 1000 from this? where did you submit it to
if you found this on bountty program its worth then 1k
Any idea how to hunt on web3
video comming soon
@@lostsecc waiting
This is self xss?
chain it with csrf
very good
thank you ❤️
Bro if you don't mind tell what's ur pc/laptop specs
bro i have hp.laptop but soon i will.make best setup for pc
@@lostsecc yayay thank you also i have hp laptop too but it's kinda mid 😭
can your share this payload second one?
Skid
just msg me in telegram @lostsec
Name of the song? thanks! you are legend
search literely me part 1 & 2 in yt
@@lostsecc thanks
How do you find websites to test for
just randomnly & dork & bounty program
@@lostseccwhat’s dork
will share in telegram
Actually most of the time it won't work on the email parameter
its not in email parameter its in username
@@lostsecc yes in username too
i was almost doing shit....ethical shit ofcourse.....
u earned a new sub! could you provide me the html file u put on the username tab please?
sure dm me in telegram @lostsec
@@lostsecc alr
hi bro ,hope everything is ok ,the png tree website is yours?
no
@@lostsecc fuck your are a master code like me......thanks for your fast response....
@@lostsecc im starting my run on bug bounty...
@@lostsecc you are a master code like me...nice too meet you bro...
my pleasure bro 😇
God loves you ❤
love you three ☺️❤️
dawg this is self xss nobody will see this on that url only you can see it
chain this with csrf
@@lostsecc did u find a csrf?
Keep it up brother 🩶🩵
❤️
self xss?
chain it with csrf
@@lostsecc not very serious though
cool cool, where can i find this ?😅, and how do i sub again
just msg me in telegram @lostsec ,☺️and for sub again click subscribe button three times 😉
@@lostsecc just did
Payload?
join telegram @lostsec
Good
❤️
@Lostsec can you explain what does that xss.report site reveal ?? please!
its reveal cookie inernal ip addrws local cache storage dom etc
good 🔥🔥
❤️😇
I wish i could earn someday and help my parents 😭😭
sure just keep patience and hardwork ❤️
@@lostsecc you got another sub. 🗿
🔥🔥🔥
❤️
tutorial plz
its a tutorial bro 🌝
@@lostseccok
name All extension ?
join telegram i will post there with link @lostsec
Ok ♥️
❤❤❤
❤️😇
bro this is self xss not blind
its stored you can use cookie stealing script and when victim click on your profile there cookie will be stolen by you..
When victim visits the url he will get redirected to his own account , Unless attacker account isn't public or his username isn't shown in the admin dashboard , this doesn't considered a bxss
you can chain this with csrf to xss and send to victim it will work..
its not get based xss in url parameter its post based stored xss
@@lostsecc the attack vector is that you will enforce victim to create account with your controlled email and then extract the cookies , okay this is possible but what is the impact since this isn't victim's primary account , So you basically extracting cookies from a dummy account you made . The best way to exploit would be to find cache poisoning vulnerability . Nice find btw
Brother CORS exploit code send kr do ab to
msg me in telegram @lostsec
@@lostsecc brother already joined your telegram
@@lostsecc please send brother 🥹
@@lostsecc yesterday we already talked but you say i upload in group but still not uploaded yet brother
send again bro i am sending...there are many messges so sorry for that just msg me once
u need to join fbi
🌝
Can u upload how to make hacked by coffin template?
i.will send code
HackerOne, BugCrowd, YesWeHack ?
Are you paid on what platform?
bro i dmed you in tele
i check bro