How to Trigger XSS in Email login field | Bug bounty poc
HTML-код
- Опубликовано: 4 фев 2024
- Disclaimer: This video is for strictly educational and informational purpose only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. thanks.
Наука
Music goes very well with the content, thanks for sharing. Hats off
❤️
Where do I learn such stuff bro. Thats damn cool
solve portswigger labs and learn some techniques from hacktricks website and also solve bwapp lab
Excellent Boss 🎉❤, if possible, cover these advanced topics like How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using Cyber-Chef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.,? How to bypass Hard WAF using SQLMAP or Burpsuite? How to find hidden vulnerable parameters and endpoints inside the .js and .jason files? How to find hidden admin pages, cPanel pages, and WHM pages ? Please cover these important topics. Thanks
👌💰🔥💉🔑🏆👍📹🌎✅️♥️
sure i will upload all things..
Bro does this attack work on any website built on particular frameworks?
yes if javascript is not properly filterd in login form..
how do you test usernames what is the methodology?
if there is wordpress site check /wp-json/wp/v2/users api endpoint and also check login page source page and check js files there and also try bruteforce login with header X-Forwarded-For:
this will bypass ip login attempt block..
Amazing 🎉 i just wanan how victims get triggered of xss? What’s the impact?
you can make a csrf poc and send the html document or send a url with that html linked when they click it you got there session cookie and you can login there account with that cookie its called full account takeover..
@@lostseccYes, that is if it is vulnerable to CSRF and there is no CSRF token
Also not to mention if your a developor this attack could be used to hack people and perform drive by malware to completely compromising the webserver both ends of the spectrum people take xss lightly most the time and it should definitly not be
yes it should be used to spread malware also..
Good Job bro..
thnq so much brother ❤️ keep supporting..
why did you make tutorials about your skill
bcz i want all the Hacker community to grow together..
@@lostsecchey the payloadss and every automated tool you have asap
Stored xss or not
its stored
أحسنت ❤
Please share payloads. Thanks ✅️
Are you a bug bounty hunter
ys
nice payload
Can you share that payload?
">"@x.y
@@lostsecc thanks, Btw I found a disclosed Google maps API, can this be reported?
@@an0nbil
Previously it was valid, now it's not accepted because of Google started to give a refund for the malicious activities.
So there's no impact 😅
oh but trying wont cost anything 😂😂@@3llam
@@an0nbil will cost an informative or N/A report 😂
you are just incapable of posting a video without the cringe music for 14 year olds
i like phonk music
Exactly the video is good, but music is shit
You have d!$cord?
i have telegram channel check in channel description..
@@lostsecc bhai gov. site hack kra, koi issue nhi hua? Ya fir this site is yours
@@lostsecc its not there
@@Zirzux i removed it i will make anotherone discord soon
Share payload ❤
">"@x.y
@@lostsecc thanks bro ♥️
Hey Bro what can i do while pemetesting i get blocked by website how to not getttig caught and how can i contact you in telegram im not able to messahe you personally.
rate limit your request if you are bruteforcing or use ip rotater extension so that you not have been blocked !