Welcome to the comment section! First, thanks for watching! Make sure you are subscribed if you liked the video! ruclips.net/user/BugBountyReportsExplained Follow me on twitter: twitter.com/gregxsunday ✉️ Sign up for the mailing list ✉️ mailing.bugbountyexplained.com/ ☕️ Support my channel ☕️ www.buymeacoffee.com/bountyexplained 🖥 Get $100 in credits for Digital Ocean 🖥 m.do.co/c/cc700f81d215
Usually, you see at the first sight which response comes from WAF, as it usually has "Blocked by WAF" message or similar. In this case, the filter didn't cause 403 status, but it was standard 200 OK, but some parts from the user input were deleted.
Bro i cant find the browser extension that u use at min 7:14. Its available for firefox? Could u tell me the extension name? P. D: Thanks for your videos, u are so good!
How can someone became a Pro bug hunter ? Why very few bug hunter are successful in a long run ? What can be done , what should be learning continuously to stay ahead?
well, that is a good question, but you should ask profession bounty hunters. I'm mainly a pentester and that's why I understand all this stuff, but Im not really actively doing bug bounties since I've started the YT channel.
Can someone explain to me how a hacker uses this scenario to do something malecious in the end? It showed an alert so would it have been possible to also inject some other code which does other things? Thank you
Showing an alert box is an indicator that attacker was able to run javascript. Of course, alert is not malicious but being able to run javascript is. by running javascript, you can do a ton of things (basically everything that the frontend application would do) and some common techniques are to send the "victim's" cookie to an attacker, extract other information from the application and send it to the attackers, etc. xss is a client-side attack meaning that all those attacks are done towards another user by sending a malicious link to the "victim" if we are talking about a reflected xss or mass-targeting a lot of users that visit a specific page when we are talking about stored xss. the sky is the limit if your application suffers from xss.
@@BugBountyReportsExplained if we look at burp suite, there's an option to replace the response header which is the xss protection right? how do you do the PoC since the burp option only aaffect our browser. is that even make sense?
Great video, thanks for outlining all the steps! Am I wrong or html encoding HTML special characters on the waf or application side would have been enough to prevent the exploit?
i'd go for: 1) python or other scripting language where you will be able to write some scripts if you need 2) write some web applications to understand the developer side of things 3) some knowledge about bash or equivalent
![MISSING: SLIM SHADY [Expanded Mourner’s Edition Trailer]](http://i.ytimg.com/vi/xh8qgHrOO1g/mqdefault.jpg)
Welcome to the comment section!
First, thanks for watching!
Make sure you are subscribed if you liked the video!
ruclips.net/user/BugBountyReportsExplained
Follow me on twitter:
twitter.com/gregxsunday
✉️ Sign up for the mailing list ✉️
mailing.bugbountyexplained.com/
☕️ Support my channel ☕️
www.buymeacoffee.com/bountyexplained
🖥 Get $100 in credits for Digital Ocean 🖥
m.do.co/c/cc700f81d215
Respect for the explainer and researchers!
What a great explanation. Subscribed already..
Thank you for sharing.
thank you for watching!
All videos of this channel are awesome and very informative
Thank you so much 😀
Awesome bro, nice explaination , even I stuck with waf bypass
it seems like a really tough one so nothing to be ashamed of mate!
Wow this 4 bypass was amazing even I never understand😉 simply super
yeah, amazing!
Very useful, good explanation. Plz post more
Once I found a xss in Google forms, in that I bypassed three filters....a waf and two CSP's
congrats mate!
xss seems like a vast ocean highly dependent on the individual program and its filters.
indeed! there are tons of different vectors and bypasses
Very informative, keep doing, continue, thanks
Im very happy you think so!
Thanks for the explanation bro 👍
thanks for watching bro 👊
your videos are always Awesome! keep it up
thank you mate! 👊
Great job buddy :)
thank you buddy
Great video.Is 403 status always comes from the waf..so we would know waf is blocking us not the filters!?
Usually, you see at the first sight which response comes from WAF, as it usually has "Blocked by WAF" message or similar. In this case, the filter didn't cause 403 status, but it was standard 200 OK, but some parts from the user input were deleted.
Keep with the good work up!
thanks bro I will!
What most surprised me is the fact of these guys remember action script and think about to use it to exploit the vulnerability
John cina?
Thank you!
👌
Bro i cant find the browser extension that u use at min 7:14. Its available for firefox? Could u tell me the extension name?
P. D: Thanks for your videos, u are so good!
its hackbar
Great! Awesome!
👌
Could you please make a video on web pentesting using devtools
I described a part of my Devtools workflow in "BYPASSING CLIENT-SIDE XSS FILTERS" that's in BBRE Premium archive ;)
Legendary exploit, legendary explanation
legendary comment
How can someone became a Pro bug hunter ?
Why very few bug hunter are successful in a long run ?
What can be done , what should be learning continuously to stay ahead?
well, that is a good question, but you should ask profession bounty hunters. I'm mainly a pentester and that's why I understand all this stuff, but Im not really actively doing bug bounties since I've started the YT channel.
@Oliver
Yes ,
But how ?
What is the Right pathway ?
thank you
thanks for watching!
Superb
👌
Do share Poc video
How to bypass html encoding? do a video on that
You can't.
Can someone explain to me how a hacker uses this scenario to do something malecious in the end? It showed an alert so would it have been possible to also inject some other code which does other things? Thank you
Showing an alert box is an indicator that attacker was able to run javascript. Of course, alert is not malicious but being able to run javascript is. by running javascript, you can do a ton of things (basically everything that the frontend application would do) and some common techniques are to send the "victim's" cookie to an attacker, extract other information from the application and send it to the attackers, etc. xss is a client-side attack meaning that all those attacks are done towards another user by sending a malicious link to the "victim" if we are talking about a reflected xss or mass-targeting a lot of users that visit a specific page when we are talking about stored xss. the sky is the limit if your application suffers from xss.
As Yakushi responded, you can do whatever the victim can do on an attacked website and read all data that the victim can read.
Cool! So we can bypas waf w/ various payload, but how about x-xss-protection=1 can we bypass it?
it's meaningless now. Is was there only for browser xss filter like chrome auditor. Auditor is no longer in modern versions of chrome.
@@BugBountyReportsExplained if we look at burp suite, there's an option to replace the response header which is the xss protection right? how do you do the PoC since the burp option only aaffect our browser. is that even make sense?
Great video, thanks for outlining all the steps! Am I wrong or html encoding HTML special characters on the waf or application side would have been enough to prevent the exploit?
you should make poc without any match&replace rules in burp so your POC is representative of a real attack
@Alessandro you not wrong, HTML encoding is simple, yet unbypassable way of mitigating XSS attacks
Which of the extension you are using in browser
i think the one visible on the screenshot is hackbar for firefox
@@BugBountyReportsExplained thanks dude
Cool !!!!
👊
Love the accent btw
thank you buddy 😊
Sorry but what's your country it's looks like Russia or Algeria
Poland
@@BugBountyReportsExplained ok bro cool
Pozdro :) !
siema!
"That gets triggered"
Yea, it propably got really angry, maybe even triggered...
_bottomtext_
TRIGGERED
Please tell me what programming languages to learn to be an ethical hacker or pentester
i'd go for:
1) python or other scripting language where you will be able to write some scripts if you need
2) write some web applications to understand the developer side of things
3) some knowledge about bash or equivalent
Sir work in demo Please 🙏🙏🙏🙏
what is demo?
@@BugBountyReportsExplained i mean work in website
❤️
😊😊
At least add English subtitles for all videos
There are english subtitles for this video and for most of them
Mission Impossible 😄
it definately looked like the end. That's what I like about this report the most!