To login as admin without SQL injection, create a new user and intercept with Burp. There's a parameter to change isAdmin to true. That allows new users to have admin status and now you can access Administration, delete 5-star, and succeed in that challenge.
hey maybe you could answer this, I spent a good 10 mins trying to figure out the first xss, without any success, I could get too where you got, except for the bitwise part.. How are we suppose to know to try that? I don't get it, that would have never ever crossed my mind :/
Please upload Stored XSS sanitized thing again not working in latest juiceshop. FYI - I am running it in heroku as have 2gb Ram laptop that can't handle virtual machine or any large softwares.
Can you make or advise where to learn thing that black hat hackers do to understand how to secure from them? Can you act on all your video as an black hat would do? Only for educational purposes.
During your XSS TIER 1.5 , I do not really quite understand how you are doing with bitwise operators. I did research and google and portswigger.net, but still don't seem to understand it... Any suggestions for me to learn about this? I went through great portswigger tutorial : support.portswigger.net/customer/portal/articles/2590804-Methodology_XSS_Filters.html#Signature
![Ice On My Teeth - ATEEZ エイティーズ 에이티즈 [Music Bank] | KBS WORLD TV 241115](http://i.ytimg.com/vi/c-n92OgbbwA/mqdefault.jpg)
I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
Thank you TCM for the good session. Very informative.
Thank you for fantastic SQLi explanation. Now, it's clear for me ^^
Glad you enjoyed it!
Hello sir.
This is really informative.
Thank you for putting this out there for newbies like myself :)
To login as admin without SQL injection, create a new user and intercept with Burp. There's a parameter to change isAdmin to true. That allows new users to have admin status and now you can access Administration, delete 5-star, and succeed in that challenge.
Correct. Covered in episode 4 :)
Bro Thanks for that wonderful session. Learn about how the SQL query is breaking it. Thanks for that video.
Thank you for sharing your knowledge and experiences!
Are you planning on doing a course on Code Review for Web apps assessments?
Not at this time, no.
Okay :) thanks again for your work!
Love from Helsinki.
Super lovely content.
Thanks TCM, another great vid!
Thank you Pema
I used this payload for xss 1.5 alert(`xss`)
I tried using htis payload.input=
@@na_natsuki6045 remove single quote and use ` instead of '
thank you for every video you upload !
hey maybe you could answer this, I spent a good 10 mins trying to figure out the first xss, without any success, I could get too where you got, except for the bitwise part.. How are we suppose to know to try that? I don't get it, that would have never ever crossed my mind :/
Love you!!Love you!!Love you!!
Love you more!
Once was top 5 but BAC is top 1 now
Another excellent video
Please upload Stored XSS sanitized thing again not working in latest juiceshop. FYI - I am running it in heroku as have 2gb Ram laptop that can't handle virtual machine or any large softwares.
Awesome Bro....
How do you perform xss attack when alert prompt is blocked?
you bypass content security policy using the link in image
there a recent video i solved that
You are my Best !! ^_^
Hey tcm ,,can u tell me alternate sites for juiceshop cauz its no longer working
Bom dia por aí. (Good morning there).
Very helpful thank you 😊
You're welcome!
Hi Bro can u please make owasp api top 10 video also .I am watching all of your tutorials are awsome
APIs are susceptible to most of the same attacks as web apps (e.g. injection, IDOR, XSS, etc.)
How does the page load the urls with a # in them, i don't see any get requests for loading for example/#/score-board or so
I tried every possible password from that mc safesearch's video. I got his email from the admin panel. but password just don't match.
Saludos desde Colombia
Can you make or advise where to learn thing that black hat hackers do to understand how to secure from them? Can you act on all your video as an black hat would do? Only for educational purposes.
I stay far away from any blackhat talk or discussion to keep the RUclips gods happy
i can't find xss tier in juiceshop
Do some bug bounty searching live
Cant do that
@@TCMSecurityAcademy why
@@DarkOverFlowOverflow He can not do this because of disclosure rules of the bug bounty programs.
@@Mad_Computer_Scientist ahhh
Try xss bug on Woodland website
Thank you so much
Thanks
During your XSS TIER 1.5 , I do not really quite understand how you are doing with bitwise operators. I did research and google and portswigger.net, but still don't seem to understand it... Any suggestions for me to learn about this?
I went through great portswigger tutorial : support.portswigger.net/customer/portal/articles/2590804-Methodology_XSS_Filters.html#Signature