Это видео недоступно.
Сожалеем об этом.
Bypassing Cloudflare WAF's XSS Protection: A Bug Bounty Hunter's Perspective
HTML-код
- Опубликовано: 6 июн 2024
- Disclaimer:
This video is for strictly educational and informational purpose only.I own all equipment used for this demonstration and is not intended to be used for malicious purposes.Hacking without permission is illegal so always ensure you have proper authorization from the system or network owners before using security tools or attempting to exploit vulnerabilities.
join telegram channel for more payloads:
t.me/lostsec
This guy works to help us too best wishes to all hunters and learner i hope u will find more 🎉🎉
❤️😇🤗
Thanks so much for all you do for the community
Much Appreciated
my pleasure brother 😇❤️
bro u have ability to write book about penetration testing GOAT of cybersecurity field
no brother i just passionate about my field and i enjoy when i do that make me..
@@lostseccbro can u tell how can we become like better in web sec like we can surpass anyone and do anything like you ❤
just focus on owsp top 10 bugs p1 and p2
@@lostsecc bro can u tell me how many days or months took to master bug bounty hunting and is there any need of programming skill for bug bounty hunting and i know python and js basics
no need any programming if u have k nowdlege its plus point..but in bbp just focus on owsp top10 bugs only..
He is a real hacker with great skills.He is also a very kind person.
❤️
This guy is my inspiration bro this is insane 🎉
my pleasure ❤️😇
My payloads reflecting inside my xss so not executed script. Any idea how to successfully trigger xss in this case?
i need to check send me in tg
@@lostsecc sent you the details in tg, thank you
what that extextion name ?? that you useing to js
hacktool
Cool bro, you now have an outro. You've grown much!
❤️😇
Some people are saying that Hack Tool extension contains malware, is this true?
no its not it has lots of reverse shell payloads thats why its says virus
Thank you very much for all your videos. I'm really learning a lot, and I like it more and more.
I want to ask you a question, and it's something I don't quite understand. Once you get the code at the end of the video. What would be the danger for the company or for the page itself?
if u get victim cookie you can takeover there account :)
@@lostsecc bro can you explain a little bit more please like how
@@behindYOUR6 i uploaded full video in my telegram must check that ..
If shodan extension shows a website is vulnerable to some old CVEs, for example for old jquery versions but when I examine the website, it has no jquery files even. Does that mean shodan data is wrong or old?
these results are not acurate
Today I watched your around 5+ videos
☺️❤️
Thank u ❤. How to bypass the sanitized params where it encodes characters?
there are many payloads who dont need
Name of the song 🎵?
dark beach slowed
Love from A Security Researcher prospective 😂😂😂
🤗☺️
Can you make series video of web penetration practical what things to look where to look n and how to exploit
ok
I once found a bug. I can bypass the maximum photo upload limit which was previously only 20 MB. you know the name of the bug
you can try pitch fork bomb
Can you share with me the payload note at the beginning of the video?
Thanks a lot
i shared lots of payloads in telegram must check it..
what extension to use xss payloads ?
hacktools
Bro, why you put an sql erro message? That can be confusing to noobs plus the best way to bypass wafs is incremental not copy pasting payloads.
i done all before uploading..
Bro your content is valuable, but I have some question if you have tried every payload for xss testing & it didn't worked. How would you know if you are missing something or the site is secured from xss attack. How would you differentiate here
you need to check its source code whats reflecting and whats encoding or excaping..
@@lostsecc thanks bro
How can i learn tipo find bugs on websites? Like exploits ante 0days
you need to active in bbp community in all medium
Hello my friend I collected the parameters and I ran the kxss tool the site was filtering is there a possibility of having xss reflected or not
there are many xss that dont require just try that
Are u use kal linux subsystem for windows, and can you use tools like evillimiter and use wifi adapter
yes
@@lostsecc how, are u use specific program and how you cutomize your terminal like when you enter name of tool, tool is blue in terminal, and when you enter true path path is bold white
@@lostsecc ?
Hey bro how to start it
Like what to do first
SQL , xss , idor
start from portswigger labs..
Bro how u payloads write (create)
learn some evasion techniques and encoding..
I think it is low secured waf isnt it ? Most of waf block these payloads too
its depend on waf rule how secured they impliment
Bhai, Apnay tu poray Facebook Twitter Telegram RUclips say duplicate fake website hackers pentesters aur bug hunters ki band bajadee 🔥👌💉😂🤣😅💪❤️🇮🇳👑
😂🤭
Your new fan bro luv u❤
love you three ❤️🤗
Can you tell us your fav extensions
i shared all in telegram must check
my xss payload is being sanitiezed like this > < " is there a way
to bypass this
no its strong encoding better to find other one
@@lostsecc u mean another parameter
what i need to learn to be a bug bounty expert like you? protocols? http? vulnbs? tell me what pls
portswigger,bwapp are the best one to start
@@lostsecc thanks sir, last thing, recommend me a tool to find xss vulnbs pls
for blind use xss[.]report and soon i will make video on new burpsuite extension
@@lostsecc ohh, nice, i want to see that vid, btw, how can i contact with you? i have a good offer
First😂🔥
❤️🙈
Quick one. Suppose you were to send the url to a victim, as an attacker how would you get their cookie
there is payload for that i shared in my telegram channel video poc
@@lostsecc okay. i will check. Thanks
You bgm is another level❤❤❤❤
🙈i have many but due to copywrite clam i have limited access only..
where do you find such weak webs ? XD did you got the bounty ?
you need to test all that have wafs..
@@lostsecc bro, do you have any impossible level of xss nuclei templates to tackle modern webs
Bro how are you able to find bug easily in 2-3 days. Pls tell us about you exact recon methodology
bcz i am passionate about finding researching new things and i adept very fastt and i do all day so...this is my love
@@lostseccyour Insta?
First!!!
🙈
can you share code to get results from shodan without pay?
sure in upcomming videos..if i upload shodan immidately patch that so..
Bhai kon sa extension use kar rhe ho
hacktools
dear brother, I swear you to the God, share your play list 😐🙏
sure ❤️
Please name song
dark beach
@@lostsecc thanks 👍🏽
0:30 Which extension is that bro?
hacktools
Bro, How to get all ips in target domain and how to get 200 status valid ips?
use httpx -mc 200
@@lostsecc Ok, How to get all ips in target domain?
use -ip flag in httpx
@@lostsecc Thanks!
Goat bugbounty ❤😊
❤️☺️
bro, please tutorial fast scanning use nuclei🙏
All things gonna be changed when the open and closed encoded by the application and even encoded payloads not gonna works here you have to be more creative to figure this out otherwise this is not gonna work
there are many payloads that dont need
@@lostsecc wait, but if a website change any "" symbol to < >, doesnt it mean that this website doesnt have any xss vurn? since we cant inject anything (html and js need "")
< > is hard encoding for xss
@@lostsecc what do you mean??
this is hard encoding to be excaped use other technique or payload that dont contain
Nice 👌 🔥🔥🔥
Great budd
❤️
payloads plese
t.me/lostsec/525
Bro make video on wp login page xss bypass tricks and WAF IPS also.
And login without password
sure
@@lostsecc I am very exited to
Love you brother I am from banglore
@@lostsecc I watch all your videos superb content
Your a hacking legend
love u three ❤️☺️🤗
How many bugs you find a month? 😊
i dont find bugs,Bugs find me :) 🤭
first
❤️🤗
Wow yrr
Bro can give me your xss payload file?
t.me/lostsec/525
but how do you create them >>?
what
@@lostsecc the payloads how do you make them ? where did you get them from
there are many payloads shared by hunters..but you need to learn some encoding and some waf evasion techniques to bypass xss
@@lostsecc but don't they get banned after you use them
yeah they patch it if they notice it
whAAAT thIs iS iMpoSSiBLE
nOtHinG iS iMpOssIbLe
Insane.
❤️
Bro please share the payloads 🙂
in shared in telegram bro must check it
You are now becoming my idol bro.... Your skills are outstanding... Please make a small course on this .. Thankyou.
no need course i will upload all
😍😍❤❤🧡
❤️🤗
😮😮
bro can u give me brupsuite pro cracked version in telegram or link
dm me in telegram
Great one
bro we want tools or way to find real ip plz
sure
thanks it worked broface-red-heart-shape
❤️
The only true hacker 🥷🏼🙏🏼
🙈❤️