$950 bugbounty | Exploiting Reflected XSS using Burpsuite | hackerone | bug bounty poc | Security

  • Published: 11 Sep 2024
  • #education #learnEthicalHacking #bugbounty
    For educational purposes only.
    You can learn the numerous ways to do security testing for a website or mobile apps.
    Like and subscribe to get notified of the latest exploits.

Comments • 21

  • @johanjimenez3461  10 months ago +2

    Hello, I'm Johan. I chose this video because it was the first one in which I discovered you, and since then I have been passionate about the world of cybersecurity and ethical hacking. I have followed all your videos in the hope of one day being able to perform the same feats as you. I just started studying in this field, and I have realized that most hardware hacking tools are expensive, including the Flipper Zero. I am self-taught, so I can't buy the Flipper Zero so easily, but my desire is to acquire the necessary skills to continue learning and advancing in the world of hacking; for this I would like to win the Flipper Zero. However, thank you very much for everything you do for the community, it is amazing.

  • @mshacks4299  1 year ago

    This channel is pure gold! I loved all the POCs in here.
    Do you use any automated tools to check if the website is XSS vulnerable, or is it all checked manually?
    Thanks for your effort and time.

  • @jaredelfaz2558  1 year ago +2

    Bro, I don't get it. Why only alert(1)? Was there JavaScript in the Referer header? Like, how would only 'alert(1)' pop up an alert?

    • @HACKERFUDDI  1 year ago +4

      Who said it's just alert(1)?
      I have highlighted the whole payload; the payload is encoded, if you look at it, and the server is decoding that encoding.

    • @jaredelfaz2558  1 year ago

      @HACKERFUDDI oh I see, thanks for the explanation mate

  • @breezielofi  10 months ago

    I got the same XSS in a URL of the inc but they said the XSS is not valid? wtf

  • @collaredowletaudio4502  1 year ago +2

    noice

  • @prataptodi6907  1 year ago +1

    Nice dude.

  • @user-ne6fy5qg7j  1 year ago

    Can you tell which encoding you used?

  • @hugobiller4826  1 year ago +1

    How do you verify that automatically, without a request in the browser?

    • @HACKERFUDDI  1 year ago +1

      By seeing the response in Burp Repeater.

    • @hugobiller4826  1 year ago

      @HACKERFUDDI what kind of response?

  • @IAmCandal  6 months ago

    Not server side. Unless I'm mistaken.

  • @renrenbei6400  1 year ago

    Why was the payload triggered? I see a 403 Forbidden response. Can you explain, bro?

    • @HACKERFUDDI  1 year ago +2

      Even if you put any simple text on that page the response was 403, because that page was broken. If you look in the video, it was 302 when we were sending the payload, not 301, which means the next response will contain the inputs of the previous page; that's why it got triggered.

    • @renrenbei6400  1 year ago

      @HACKERFUDDI aa I see. Thanks

    • @Noctuu  8 months ago

      The referrer was probably loaded somewhere in a script on the page, so the ' + alert() + '456 injects the alert into the script. The second apostrophe is then closed because in the script it becomes like this: referrer='url123' + alert()'456'. As you can see there are 2 more apostrophes; if there was no second apostrophe, the referrer object would not have closed properly and the alert() wouldn't have been called properly.
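
Added example (JavaScript, not code from the video or from any commenter): the JavaScript string-context reflection described in the reply above, shown as the vulnerable server-side rendering beside a hardened one, with a small check that tells the two apart the way a reviewer would when reading a response in Repeater. The payload string is the one quoted in the comment; the page layout (`var referrer='...'` in an inline script) and the names `renderScriptUnsafe`, `renderScriptSafe`, `jsStringLiteral`, `rhsOf`, `codeAfterStringLiteral` and `isDataOnly` are assumptions made here for illustration.

```javascript
// Added example, not code from the video or the comments. It models a page
// that copies the Referer header value into an inline <script> string.

// Payload as quoted in the thread (constructed test input).
const PAYLOAD = "' + alert() + '456";

// Vulnerable pattern: raw concatenation into a single-quoted JS string.
// The first quote in the value closes the literal, and what follows is
// parsed by the browser as code rather than as data.
function renderScriptUnsafe(referrer) {
  return "<script>var referrer='" + referrer + "';</script>";
}

// Hardened pattern: emit the value as a JSON string literal (quotes and
// backslashes escaped) and additionally escape '<' and '>' so the value can
// never contain "</script>", plus the two line terminators JSON leaves raw.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function renderScriptSafe(referrer) {
  return "<script>var referrer=" + jsStringLiteral(referrer) + ";</script>";
}

// --- Review helpers (hypothetical names) -----------------------------------
// Pull the right-hand side of the assignment out of the rendered HTML.
function rhsOf(html) {
  const m = html.match(/var referrer=(.*);<\/script>$/s);
  return m ? m[1] : null;
}

// Scan one JS string literal and return whatever source text follows it on
// the right-hand side. For a safe embedding that is ""; for an unsafe one it
// is the injected code. Returns null if there is no closed literal at all.
function codeAfterStringLiteral(js) {
  if (!js) return null;
  const quote = js[0];
  if (quote !== "'" && quote !== '"') return null;
  for (let i = 1; i < js.length; i++) {
    if (js[i] === "\\") { i++; continue; }       // skip the escaped character
    if (js[i] === quote) return js.slice(i + 1);  // literal closed here
  }
  return null;                                    // unterminated literal
}

// Does this rendering keep the reflected value as pure data?
function isDataOnly(html) {
  return codeAfterStringLiteral(rhsOf(html)) === "";
}

// Stand-alone run: print both renderings and the verdict for each.
if (typeof require !== "undefined" && require.main === module) {
  for (const render of [renderScriptUnsafe, renderScriptSafe]) {
    const html = render(PAYLOAD);
    console.log(render.name, "->", html);
    console.log("  code after literal:", JSON.stringify(codeAfterStringLiteral(rhsOf(html))));
    console.log("  data only:", isDataOnly(html));
  }
}
```

For the quoted payload the unsafe rendering yields `var referrer='' + alert() + '456';`, so the literal closes after the first character and the remainder is live code; the hardened rendering keeps the whole value inside one double-quoted JSON literal that parses back to the original string, and the `<`/`>` escaping means a value containing `</script>` cannot terminate the script block either.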

  • @bughunter3476  1 year ago

    We want the recon process.

  • @buvaneshvarank5221  1 year ago +1

    Send the XSS payload list file, bro.

    • @HACKERFUDDI  1 year ago +1

      Try PayloadsAllTheThings on GitHub.

  • @amaliya6606  1 year ago

    Can you please send me the report?