The Beginner's Guide to Blind XSS (Cross-Site Scripting)
HTML-код
- Опубликовано: 23 окт 2023
- 🚩Signup for Snyk's CTF 👉🏼 snyk.co/nahamsecctf
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
XSS Hunter:
github.com/mandatoryprogramme...
Trufflehog XSS Hunter
xsshunter.trufflesecurity.com/
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
www.buymeacoffee.com/nahamsec
JOIN DISCORD:
discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 $200 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
💬 Social Media
- / nahamsec
- / nahamsec
- twitch.com/nahamsec
- / nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
It's great that you record such materials, I haven't watched everything yet, but you do a great job!
This is really great to watch. I'm sure this will be beneficial for so many out there on the bugbounty path!! Looking forward for more videos like this. Cheers!!
Great video, presentation was excellent. I enjoy learning these techniques since I am new to the game. More videos like this is much appreciated.
Loved the video, helped me so much to be honest. Plz keep up the step by steps they help a lot.
Wow !!! great explanation about XSS........THANK YOU VERY MUCH BEN !!!
Excellent tutorial! As a newbie to this BB world, this is the kind of video I am looking for.
Excellent, really good stuff.
Please make more videos like this!
Love this kind of video, please keep doing these videos where you go through your thought process step by step
Thank you! Will do!
Love these beginner-centric videos.
I am still waiting for the JavaScript for hackers one :)
More like this please! Great information.
Thanka for uploading this video really helpful ❤
Please do more if this type of videos for us to get the practical understanding of bug bounty....
Wow. Lemme subscribe right now! Great explanation
This is awesome! I like how you don't rehash the basics everyone is trying to teach.
Brilliant stuff!
Wow , great information. ❤
Great video, more content like this please.
Hey @NahamSec great video as always. I you should also make a video for XSS hunder set-up. like how to host it on server etc.
Please make more detail videos on XSS and payload creation
beautiful stuff
Hi Nahamsec, thanks for your priceless inforamtion. could u pls tell us what will we get if we join to the channel as well? is there any extra content?
Please make a video on xss vulnerability covering the thought process to identify xss, injecting payload, thought process to bypassing waf on real site
Cfbr
Using xss_vibes,xsstrike tool to bypassing waf.
Yeah I second this please.
I’m a noob and keep making stupid syntax mistakes (amongst larger ones) would be really helpful if possible please mate
Thankyou Ben
Nice one!
You are great دمت گرممم
More...walkthrough. ❤️
Could you make a video doing XSS against a WordPress web-site and show different ways one could learn how to exploit XSS in WordPress websites and plugins?
Looking forward for live hacking stream by you !!!!
Useful Video as always. Hope to meet you someday at some LHE
🤞🏽🤞🏽🤞🏽
Hey, Thanks for these awesome contents :))پرچمت بالاس
🇮🇷
🇮🇷🇮🇷🇮🇷🇮🇷@@NahamSec
Thank U bro🎉🎉🎉🎉❤
Great Video! I take it you could do the same with SSRF by inputting a burp collab link within the tag and if it fires with HTTP / DNS responses it can be assumed that its executing. For this, could you use the Proof of Concept that Blind XSS would be present since the collaborator access link would be executed?
Awesome
make a video on , what is your way to bypass filters, and get your payload work
Is it advisable to “spray and pray” the blind xss payload in headers?
thank you
thanks naham
Does the program usually require you tell them where you injected the payload i.e like in the address field or additional comment box if so how do you keep track of that.
A large WOW!
Best one explain "how to hack". Thank you so much
Enjoy!!
Do you use any encodings here?
Great
for input we can add attributes like (onload) e.g: '" onload="JS_here"/>
I saw in input area most of them is sanitzi based on html entity the any other option to bypass the sanitazi
I have a query that if I use trufflesecurity then can I customise it like your payload?
Make video about how to setup xss hunter🙏
@nahamsec can you plz shr the custom script that you wrote (modification of the xsshunter script). It is nice and light weight.
any good event with import for that input tag
Please Make this type of contents
This is something new to my knowledge. thnx bro...///
i watched your video..i had completed CEH and after CEH v11 can i go for CTF or need anything else ?
what to do when the input field cuts off all signs
Which tool use for blind xss?
Truffles xsshunter is safe?
At 17:57 how did the opening angle bracket of the payload not get encoded when the closing angle bracket before it did?
I think, it's kinda security mechanism which kept in place to avoid xss. So, whenever any closing tag appears, it encodes it. So that no full tag will appear...even If you use img, script tag, closing bracket alone will be encoded by making our payload doesn't work
I can keep onclick=alert(1) ..so when ever click it pops up
I liked what was written on your hat. I would like to ask a question: I create websites by purchasing a theme and modifying it. Do the topics take into account the issue of structured code from inputs such as sql, xss, etc.? If not, what should I do to make the client's site more secure? Greetings to you from Morocco
How easy is it to remove this xss script if it is planned to website without much management panel like linktree or heylink. Someone put it on mine and i don't know how to remove it
sir I new to this field please guide me how to start from scratch 🙏
Hello sir
Whare i get those website playing the xss,blind xss stored xss , csrf ,ssrf and so much more i playing the
Metasploitable but its old
Can you suggest the website 😢
Tehran on the hat =))
Hello, what is written on your hat and where did you buy it? It is very beautiful
I made it. It says Tehran
make more content like this
i like your hat whats the arabi word meanings ?
Can you help me?
Please improve audio quality 🙏
Hiiie ben hope u doin well…love ya brother 🫡🤗🤗
❤️🥰
Could we also use Burp Collab
No, burp collab doesn't allow you to serve JS. You need to either use a tool or create your own
@@NahamSecsir i have hostinger hosting but i don't know how to host this can you make a full video on hosting bxss
Damn 50k a day. That is someone’s average annual income already
Audio is always low why ?
I'm not seeing any issues. Can you tell me what you are watching this on?
@@NahamSec yup its always lower than other normal videos..
@@NahamSecvoice is good
First comment hehe
Almost!
I was first hihi😊😊
Make the audio louder please ☹️
For 18:24, I'd guess using something like:
input type=image src=something.png onload=alert(1)
Or
input autofocus onfocus=alert(1)
Not sure those are right, but that's my guess.
autofocus onfocus should be the right answer, but it may need some playing around.
nice cap :D
The CTF first challage is to manage to register and invite your friends
Welcome to 20 years ago.
This content for beginner🙄🙄
onmouseover could be best;