GIMANA CARA HACKER NYURI COOKIE ADMIN DENGAN STORED XSS DAN PENCEGAHANNYA

Поделиться
HTML-код
  • Опубликовано: 13 окт 2024
  • buat para haters laravel, ini bukan laravelnya yang ga aman ya.. webnya sengaja gua bikin vulnerable untuk kebutuhan demo ajaa okee??
    Donasi channel Malvin Val (OVO / GoPay / Dana / LinkAja)
    saweria.co/mal...
    📢 FOLLOW SOCIAL MEDIA 📢
    / malvin.val
    / malvinval
    github.com/mal...

Комментарии • 20

  • @malvinval
    @malvinval  23 часа назад +3

    Gak semua framework / tech secara default mengimplement HttpOnly cookie seperti Laravel ini yaa. Secure ur app!!

  • @basithrazaky
    @basithrazaky День назад

    Terima kasih atas ilmunya bang Malvin

  • @mramadaaa
    @mramadaaa 21 час назад

    terimakasih ilmunya bang, daging semua

  • @JosprimaSihombing
    @JosprimaSihombing 2 часа назад

    Terimakasih bang

  • @jenn9233
    @jenn9233 8 часов назад +1

    berarti tetap harus inject scriptnya? misal tiap input kita validasi dan sanitize dan cookie httpOnly tetap false apakah tetap bisa dicuri tokennya?

    • @ahmadfajrulfalaah
      @ahmadfajrulfalaah 6 часов назад +2

      ga bisa, malah justru ini solusi yang bener. Bug XSS nya difixing dlu, baru cookienya diset ke true.
      kalau bug XSSnya ga difixing, sama aja.
      Dia bisa kasih script lain buat ngakalin nyuri user passnya.
      contoh: script js untuk nimpa halaman login admin, seakan si admin logout lagi, akhirnya dia masukin tuh user pass. Jadilah user pass dicolong sama hacker.

  • @hekalg7574
    @hekalg7574 День назад +6

    jadi harusnya aman ya karna defaultnya true?

    • @malvinval
      @malvinval  День назад

      kalo dalam konteks ini iya aman. tapi ga semua framework itu secara default menerapkan ini. ada beberapa yang harus diconfigure secara eksplisit.

  • @low_scarlet
    @low_scarlet 13 часов назад

    nah baru ini bermanfaat dari pada video video puzzle atau teka teki gaje yang ga masuk akal

  • @zulkar465
    @zulkar465 19 часов назад +2

    pake Linux apa Windows bang?

    • @rizwanelansyah471
      @rizwanelansyah471 4 часа назад

      Kalo dilihat dari UI-nya kayak ya ini Linux distro Ubuntu dengan Gnome DE

  • @baceng5241
    @baceng5241 День назад

    Keren Bg mudah dipahami

  • @TheOwl-zg6si
    @TheOwl-zg6si Час назад

    Bang kalau pakai JWT bisa dibobol pakai cara ini ya?

  • @sep1521
    @sep1521 15 часов назад

    klo konteks serverless masih rentan xss kah?

    • @n0paleon7
      @n0paleon7 9 часов назад

      serverless itu arsitektur program, nggk ada hubungannya dgn xss attack

  • @ASSADJENIUS
    @ASSADJENIUS День назад

    Hem. Gak ada cara lebih baik proteksi ?

    • @Lohehkamu21
      @Lohehkamu21 День назад

      ya minimal dikasih validasi aja oke ko

    • @ltothej5711
      @ltothej5711 19 часов назад +2

      Always sanitize user input in both frontend and backend. No exception

    • @BammTech
      @BammTech 2 часа назад

      Selalu validasi kasih rule. Kalo mau aman setiap aksi/update selalu terapkan auth di fn dan bn.

Следующие
Автовоспроизведение
I used LMDE and MX Linux for a week. Here's My Honest Verdict!21:33I used LMDE and MX Linux for a week. Here's My Honest Verdict!
I used LMDE and MX Linux for a week. Here's My Honest Verdict!Linux Tex
Просмотров 6 тыс.
Tutorial Laravel Filament : Bikin Fitur CRUD cuma 2 menit !!!39:07Tutorial Laravel Filament : Bikin Fitur CRUD cuma 2 menit !!!
Tutorial Laravel Filament : Bikin Fitur CRUD cuma 2 menit !!!Septiawan Aji Pradana
Просмотров 12 тыс.
101 Konsep Linux yang Wajib Kamu Tahu! Jadi Linux Master dengan Cepat 🔥6:50101 Konsep Linux yang Wajib Kamu Tahu! Jadi Linux Master dengan Cepat 🔥
101 Konsep Linux yang Wajib Kamu Tahu! Jadi Linux Master dengan Cepat 🔥Dicoding Indonesia
Просмотров 1,1 тыс.
What Happened at Walt Disney World - Hurricane Milton13:49What Happened at Walt Disney World – Hurricane Milton
What Happened at Walt Disney World - Hurricane MiltonMickey Views
Просмотров 663 тыс.
Chuckyy - Need4Speed (Official Music Video)02:34Chuckyy - Need4Speed (Official Music Video)
Chuckyy - Need4Speed (Official Music Video)Chuckyy
Просмотров 354 тыс.
Aftermath of Hurricane Milton - LZ Compound Update12:24Aftermath of Hurricane Milton - LZ Compound Update
Aftermath of Hurricane Milton - LZ Compound UpdateAdam LZ
Просмотров 689 тыс.
Fortnitemares All Bosses & Mythic Weapons Locations Guide (2024)03:01Fortnitemares All Bosses & Mythic Weapons Locations Guide (2024)
Fortnitemares All Bosses & Mythic Weapons Locations Guide (2024)EveryDay FN
Просмотров 235 тыс.
Remote Code Execution via File Upload | RCE | Unrestricted File Upload7:33Remote Code Execution via File Upload | RCE | Unrestricted File Upload
Remote Code Execution via File Upload | RCE | Unrestricted File UploadDevSec Hacker
Просмотров 2,2 тыс.
TUTORIAL ISENGIN BALIK PENIPU FILE APK BERKEDOK UNDANGAN NIKAH. GAS SAMPE DIA TUTUP AKUN WKWK!12:36TUTORIAL ISENGIN BALIK PENIPU FILE APK BERKEDOK UNDANGAN NIKAH. GAS SAMPE DIA TUTUP AKUN WKWK!
TUTORIAL ISENGIN BALIK PENIPU FILE APK BERKEDOK UNDANGAN NIKAH. GAS SAMPE DIA TUTUP AKUN WKWK!Malvin Val
Просмотров 117 тыс.
Structs in JS might change everything22:38Structs in JS might change everything
Structs in JS might change everythingTheo - t3․gg
Просмотров 52 тыс.
Replit Agent VS Bolt.new (Build a SaaS with AI in minutes)12:11Replit Agent VS Bolt.new (Build a SaaS with AI in minutes)
Replit Agent VS Bolt.new (Build a SaaS with AI in minutes)Brock Mesarich | AI Automation
Просмотров 7 тыс.
Bolt.new Tutorial for Beginners (the Cursor AI and V0 Killer)33:31Bolt.new Tutorial for Beginners (the Cursor AI and V0 Killer)
Bolt.new Tutorial for Beginners (the Cursor AI and V0 Killer)Greg Isenberg
Просмотров 52 тыс.
Cara Hosting Laravel di Vercel Gratis (bahasa indoensia)3:37Cara Hosting Laravel di Vercel Gratis (bahasa indoensia)
Cara Hosting Laravel di Vercel Gratis (bahasa indoensia)Bayu Maulana Ikhsan
Просмотров 1,7 тыс.
🚨 Dependency warnings in a fresh Nuxt application?15:49🚨 Dependency warnings in a fresh Nuxt application?
🚨 Dependency warnings in a fresh Nuxt application?Alexander Lichter
Просмотров 3,1 тыс.
Arch Linux Experience - Hyprland39:02Arch Linux Experience - Hyprland
Arch Linux Experience - HyprlandBog
Просмотров 161 тыс.
Is the VAR right?!😱#footballplayer #futbol #soccerplayer #soccer #football #futbolista #var *ad00:29Is the VAR right?!😱#footballplayer #futbol #soccerplayer #soccer #football #futbolista #var *ad
Is the VAR right?!😱#footballplayer #futbol #soccerplayer #soccer #football #futbolista #var *adTOUZANI TV
Просмотров 9 млн
How many can you smash?🍫 IB : Florin00:19How many can you smash?🍫 IB : Florin
How many can you smash?🍫 IB : FlorinISSEI / いっせい
Просмотров 2,5 млн
How to crop your jacket perfectly 🧥 Save & subscribe for #styling #shorts00:13How to crop your jacket perfectly 🧥 Save & subscribe for #styling #shorts
How to crop your jacket perfectly 🧥 Save & subscribe for #styling #shortsBO BROWN
Просмотров 971 тыс.
ПИ ДИДДИ: полный анализ ТЕОРИЙ с доказательствами. Lady Gaga, Wendy, The Weeknd, Beyonce, Jay Z1:18:30ПИ ДИДДИ: полный анализ ТЕОРИЙ с доказательствами. Lady Gaga, Wendy, The Weeknd, Beyonce, Jay Z
ПИ ДИДДИ: полный анализ ТЕОРИЙ с доказательствами. Lady Gaga, Wendy, The Weeknd, Beyonce, Jay ZРАМУЗЫКА
Просмотров 220 тыс.
Авто уровни Happy Glass level 604 - 60600:49Авто уровни Happy Glass level 604 - 606
Авто уровни Happy Glass level 604 - 606ASG
Просмотров 1,1 млн
🤔Где сапфировое стекло в смартфоне? 📱00:52🤔Где сапфировое стекло в смартфоне? 📱
🤔Где сапфировое стекло в смартфоне? 📱Не шарю!
Просмотров 777 тыс.
Вертикальный мангал адвоката Егорова01:00Вертикальный мангал адвоката Егорова
Вертикальный мангал адвоката ЕгороваАдвокат Егоров
Просмотров 107 тыс.
🕊️Valera🕊️00:34🕊️Valera🕊️
🕊️Valera🕊️DO$HIK
Просмотров 3,9 млн