@@cybergoldenretriever was wonder is it possible to do xss from the client side or if the server side is validating no need to worry about the client side
@@moj929 XSS is inherently a client side attack and when I demo'd it at ~6:07 the attack was done from a client side perspective. One thing to note is that there are a couple forms of XSS, namely, stored and reflected. Stored - This is when the malicious code is stored on the server itself (usually via a comment section or forum). Despite the fact that the malicious code is on the server, it is still considered a client side attack because it is not harming the server itself but instead is harming users that visit the site and is using the server as a mechanism to serve the code to the client. Good analogy would be if you poison the food at a restaurant, you are not harming the server but rather the customer they serve the food to. Reflected - This is what I demo in the video, it's when the harmful code is not saved. In order to use this to attack the client you will usually have to have them click on a link where the harmful code is in the url parameters If you are interested in me making a video to explain this in greater depth, let me know! I'm always open to making new videos
![Seungmin "그렇게, 천천히, 우리(As we are)" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/kAzmhLHePqU/mqdefault.jpg)
![Noob To Max With DRAGON REWORK In Blox Fruits [FULL MOVIE]](http://i.ytimg.com/vi/LnBMOinoOvA/mqdefault.jpg)
thanks a lot! I had been looking for this for a long time. Greetings from Colombia
Happy to help! Greetings from the U.S. my man!
Excelente tutorial.. Congrats..
thank you....it helped me a lot with my project!!
so what adding it to the html
Thank you for your comment! Can you explain your question a bit more, I'm not sure I understand
@@cybergoldenretriever was wonder is it possible to do xss from the client side or if the server side is validating no need to worry about the client side
@@moj929 XSS is inherently a client side attack and when I demo'd it at ~6:07 the attack was done from a client side perspective. One thing to note is that there are a couple forms of XSS, namely, stored and reflected.
Stored - This is when the malicious code is stored on the server itself (usually via a comment section or forum). Despite the fact that the malicious code is on the server, it is still considered a client side attack because it is not harming the server itself but instead is harming users that visit the site and is using the server as a mechanism to serve the code to the client. Good analogy would be if you poison the food at a restaurant, you are not harming the server but rather the customer they serve the food to.
Reflected - This is what I demo in the video, it's when the harmful code is not saved. In order to use this to attack the client you will usually have to have them click on a link where the harmful code is in the url parameters
If you are interested in me making a video to explain this in greater depth, let me know! I'm always open to making new videos
Nice thanks for the info.
Next tutorial.. Create the site firewall in c#
What if I want to use a WYSIWYG editor? What then?