Live Bug Bounty Hunting | Target: Udemy | HackerOne | HTML injection

  • Published: 26 Oct 2024

Comments • 55

  • @zedvn3792 2 months ago +9

    It will not get Udemy cookies because XSS runs on the website you specify

  • @Shhukoihee 2 months ago +4

    Bro, that's a nice explanation.
    Can you make more videos on how to find other vulnerabilities too, your approach on real bug bounty targets?

  • @J-R105 15 days ago

    Solid approach for XSS hunting since it can be tempting to skip straight to XSS without trying the HTML injection to XSS route. Did you modify your payload to show impact before submitting the bug report? Many companies will push back if your PoC just includes the alert() payload.

  • @mazzukmachu 2 months ago +2

    But that XSS is not in Udemy, it is triggered in the lab?

  • @naveen1001 2 months ago +7

    Bro that was no real XSS

  • @bugbouty 3 months ago +5

    Bro, make a video about how to use sqlmap tamper scripts to bypass WAF

  • @Chronono 2 months ago +2

    Bro can you share, where you have submitted and how was bounty for same?

    • @adithyakrishna_v 2 months ago +1

      At this stage it's an HTML injection, so no bounty. Still testing on the endpoint to find loopholes in the sanitization. This almost worked alert(1) but script tag is actually properly HTML encoded. Most of the event handlers like onclick, onerror, onmouseover etc. are properly sanitized. But still attributes like , can be injected so there might be a loophole still, targeting the endpoint.

  • @apranaya7782 1 month ago

    Hey, I am a beginner in this field and have absolutely 0 knowledge. Can you tell me how to start bug bounty, its prerequisites, what to learn, how much time it takes to learn in general? Please read this comment, thanks

    • @adithyakrishna_v 1 month ago

      @apranaya7782 Begin by learning how the web works, particularly web requests (POST, GET, PUT), as it forms the foundation of web security. Next, focus on one vulnerability, like Cross-Site Scripting (XSS), and learn everything about it. Practice using labs like PortSwigger's Web Security Academy to understand how it works. Once you’re confident, create an account on platforms like Bugcrowd, HackerOne, or YesWeHack, and start with Vulnerability Disclosure Programs (VDPs) to gain experience. Pick a target and hunt for that specific vulnerability (e.g., XSS). After finding and reporting some bugs, move on to learning another vulnerability and apply both on your next target. The learning process takes time and dedication, but with consistent practice, you can start finding bugs within a few months. Keep pushing and growing!

    • @thenamehasbeenstolen4470 26 days ago

      just hack, watch videos, play with Burp fetched request, read hacking articles on Medium or any online site, and play with Kali Linux terminal

  • @Shanky.. 1 month ago

    Thanks brother, after seeing your video I also went to Udemy and started hunting, and in less than 20 mins I found a bug 🎉

    • @NicolasAlvesDias 1 month ago

      What bug have you found? Can you please tell, and how? Please

  • @usrDev403 2 months ago

    u won't get XSS on main site.. u should try every parameter u see or try to fetch some hidden parameter.. then only u can.. but still everyone is hunting on it so bigger chance u get a dup

  • @deepparasiya5641 2 months ago

    One of the best to look for xss
    Thank you very much
    Can you please share the resources that you used to build up this methodology.

    • @adithyakrishna_v 2 months ago +1

      I didn't rely on any particular resources; I just practiced and refined my methodology over time.

    • @mahabaratam8908 2 months ago

      @adithyakrishna_v can you share that methodology

  • @Robo747-n7l 3 months ago +1

    You have finally started showing your face, good thing.
    English is not a big problem.
    Keep going🎉🎉🎉

  • @nadhilan2187 2 months ago

    Nice, do more videos. Add more tips while hunting

  • @abdulx01 3 months ago +5

    Firstly, I was totally shocked to see your XSS on Udemy. 😅 Bro, first you need to learn XSS to teach us. Noob boi 😅

    • @adithyakrishna_v 3 months ago +1

      Let me explain:
      XSS (Cross-Site Scripting) allows attackers to inject malicious scripts into web pages viewed by other users. In this case, I was able to inject a complete tag along with its attributes, including an unsanitized target attribute, which was not properly filtered. It should have been considered as text.
      This is my payload: bug
      This payload demonstrates a combination attack rather than a direct XSS attack. The primary attack vector here is the misuse of the target attribute, which the application did not properly sanitize.
      This method reveals a potential vulnerability in handling the target attribute. Regular users can be tricked into following the link to an external site, exploiting the credibility of a legitimate site like Udemy to execute the attack. Ideally, a site like Udemy should not have a vulnerability like this.
      The goal was to highlight the issues in Udemy's input sanitization, demonstrate how it could be bypassed, and identify the type of sanitization used by a particular website. However, I acknowledge that a more direct approach would have been more effective in emphasizing the XSS vulnerability.
      Thank you for your feedback, and I am committed to improving my methods.

    • @krrishogx 2 months ago

      same thinking, bro :)

    • @FahadMuneer-d6c 24 days ago

      Hey Abdul, I see a lot of you guys rendering it not being the XSS, but I think it is, since we can redirect a user to another website that could be malicious. In other words, it's open redirection through XSS because it resulted from the input we injected.
      Although it requires social engineering to work, it is a URL redirection through XSS.
      Please elaborate if I'm wrong.
      Thanks,

  • @mahabaratam8908 2 months ago

    And also make a video for URL encoding XSS

  • @anirudhe_s202 2 months ago +2

    Suresh Gopi will take you away 😅 nice video

  • @sairavuri5585 2 months ago

    How much bounty gain?

  • @dummy9422 2 months ago

    Video is pretty good. But can you please stop saying "see" so frequently? It's a little bit irritating

  • @rashidyaseen6270 3 months ago +1

    So did you earn something for this?

    • @adithyakrishna_v 2 months ago

      No, at this stage it's an HTML injection. Still testing on the endpoint to find loopholes in the sanitization. This almost worked alert(1) but script tag is actually properly HTML encoded. Most of the event handlers like onclick, onerror, onmouseover etc. are properly sanitized. But still attributes like , can be injected so there might be a loophole still, targeting the endpoint.

    • @FahadMuneer-d6c 24 days ago

      @adithyakrishna_v Hey Aditya,
      I see a lot of guys rendering it not being the XSS, but I think it is, since we can redirect a user to another website that could be malicious. In other words, it's open redirection through XSS because it resulted from the input we injected.
      Although it requires social engineering to work, it is a URL redirection through XSS.
      Please elaborate if I'm wrong.
      Thanks,

  • @it070vijaysingh2 3 months ago +1

    The XSS is from the PortSwigger lab 😂😂, don't make fools of people

    • @abdulx01 3 months ago +1

      😅

    • @adithyakrishna_v 3 months ago +1

      Let me explain:
      XSS (Cross-Site Scripting) allows attackers to inject malicious scripts into web pages viewed by other users. In this case, I was able to inject a complete tag along with its attributes, including an unsanitized target attribute, which was not properly filtered. It should have been considered as text.
      This is my payload: bug
      This payload demonstrates a combination attack rather than a direct XSS attack. The primary attack vector here is the misuse of the target attribute, which the application did not properly sanitize.
      This method reveals a potential vulnerability in handling the target attribute. Regular users can be tricked into following the link to an external site, exploiting the credibility of a legitimate site like Udemy to execute the attack. Ideally, a site like Udemy should not have a vulnerability like this.
      The goal was to highlight the issues in Udemy's input sanitization, demonstrate how it could be bypassed, and identify the type of sanitization used by a particular website. However, I acknowledge that a more direct approach would have been more effective in emphasizing the XSS vulnerability.
      Thank you for your feedback, and I am committed to improving my methods.
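
Added example, not part of the video author's reply and not Udemy's code: a standard-library Python allowlist sanitizer of the kind the reply above says was missing. It rebuilds each permitted tag from scratch, so `target` and event-handler attributes cannot pass through, and renders everything else as text. The tag list, the `www.example.com` trusted host and the sample inputs are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "a"}  # assumed formatting policy
TRUSTED_HOSTS = {"www.example.com"}  # placeholder for the site's own hostnames

def safe_href(href):
    """Return href if it is an http(s) link to a trusted host, else None."""
    href = (href or "").strip()
    bad = "\\" in href or any(ord(c) < 0x20 for c in href)  # parsed differently by browsers
    try:
        parts = urlsplit(href)
    except ValueError:
        return None
    ok = not bad and parts.scheme in ("http", "https") and parts.hostname in TRUSTED_HOSTS
    return href if ok else None

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        href = safe_href(dict(attrs).get("href")) if tag == "a" else None
        if tag not in ALLOWED_TAGS or (tag == "a" and href is None):
            self.out.append(escape(self.get_starttag_text()))  # render as text
            return
        # Rebuild the tag from scratch: target, style and on* never survive.
        extra = ' href="%s" rel="noopener noreferrer"' % escape(href) if href else ""
        self.out.append("<%s%s>" % (tag, extra))
        self.open_tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.out.append(escape(self.get_starttag_text()))  # no void tags allowed

    def handle_endtag(self, tag):
        known = tag in self.open_tags
        if known:
            self.open_tags.remove(tag)
        self.out.append("</%s>" % tag if known else escape("</%s>" % tag))

    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize(fragment):
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out) + "".join("</%s>" % t for t in reversed(parser.open_tags))
```

In production a maintained sanitizer library is preferable to a hand-written one; the point here is the rebuild-from-allowlist design rather than filtering attributes one by one.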

    • @abdulx01 3 months ago

      @adithyakrishna_v This type is called self-XSS. If you increase the impact then this could be valid. Your payload got fired on another domain.

    • @adithyakrishna_v 3 months ago

      @abdulx01 Let me explain:
      It is an indirect or Cross-Context XSS and not Self-XSS. Cross-Context XSS involves using a trusted site (Udemy) to inject a payload that redirects and executes on another site. The primary vulnerability here is the lack of proper attribute sanitization by Udemy, allowing the crafting of such a payload.
      In self-XSS, the attacker tricks the user into executing malicious scripts in their own browser. Typically, this involves convincing the user to paste malicious code into the browser’s console or into a form on a trusted website.

    • @The_ancestor_of_Mars_humans 3 months ago

      @adithyakrishna_v At least use ChatGPT properly, bro

  • @bug_artist4736 3 days ago

  • @Dayanandhansubramani-rj6tc 2 months ago

    Are you from Kerala :)

  • @STRhacker420 1 month ago

  • @faramon9213 2 months ago +1

    Bro, make videos in Malayalam

    • @adithyakrishna_v 2 months ago

      ruclips.net/p/PL2K366VwU2XEjLQf7er_dBYgUDA-gyqSb

    • @faramon9213 2 months ago

      @adithyakrishna_v do real-world bug bounty in Malayalam

  • @tinu-xskullx5780 2 months ago

    NA

  • @Nimma_Channel1 2 months ago +1

    Lowdey start from
    Basic

  • @z-root8955 3 months ago +2

    Bruuh come on 😂 xss on portswigger

    • @gg-mr4qr 1 month ago

      Right bro, it's not Udemy