- 309
- 47 826
Mohd Badrudduja
Saudi Arabia
เข้าร่วมเมื่อ 16 ต.ค. 2011
Penetration Tester | Hacker | Cyber security Researcher.
SameSite Lax bypass via cookie refresh - Lab#10
#csrf #samesite #bypass #portswigger #websecurity #pentesting
มุมมอง: 25
วีดีโอ
SameSite Strict bypass via sibling domain - Lab#09
มุมมอง 8419 ชั่วโมงที่ผ่านมา
#csrf #samesite #bypass #vulnerability #exploit #portswigger #websecurity
SameSite Strict bypass via client-side redirect - Lab#08
มุมมอง 72วันที่ผ่านมา
#csrf #samesite #strict #bypass #vulnerability #portswigger #websecurity #penetrationtesting
SameSite Lax bypass via method override - Lab#07
มุมมอง 4914 วันที่ผ่านมา
#csrf #samesite #portswigger #websecurity #crosssiterequestforgery #vulnerability #exploit
CSRF where token is duplicated in cookie - Lab#06
มุมมอง 5714 วันที่ผ่านมา
#csrf #portswigger #crosssiterequestforgery #websecurity #vulnerability #exploit
CSRF where token is tied to non-session cookie - Lab#05
มุมมอง 10021 วันที่ผ่านมา
#csrf #portswigger #crosssiterequestforgery #exploit #websecurity #vulnerability
CSRF where token is not tied to user session - Lab#04
มุมมอง 55หลายเดือนก่อน
#csrf #portswigger #crosssiterequestforgery #websecurity
CSRF where token validation depends on token being present - Lab#03
มุมมอง 61หลายเดือนก่อน
#csrf #portswigger #crosssiterequestforgery #vulnerability #websecurity
CSRF where token validation depends on request method - Lab#02
มุมมอง 85หลายเดือนก่อน
#csrf #crosssiterequestforgery #portswigger #vulnerability #websecurity
CSRF vulnerability with no defenses - Lab#01
มุมมอง 89หลายเดือนก่อน
#csrf #portswigger #crosssiterequestforgery #websecurity #vulnerability
What is Cross-site request forgery?
มุมมอง 51หลายเดือนก่อน
#csrf #crosssiterequestforgery #portswigger #websecurity
Exploiting insecure output handling in LLMs - Lab#04
มุมมอง 2282 หลายเดือนก่อน
#portswigger #llm #largelanguagemodels #insecure #output #handling #crosssitescripting #xss #csrf #vulnerability
Indirect prompt injection - Lab#03
มุมมอง 872 หลายเดือนก่อน
#llm #largelanguagemodels #indirectprompt #injection #portswigger #vulnerability
LLM - Indirect prompt injection
มุมมอง 872 หลายเดือนก่อน
#llm #largelanguagemodels #attack #portswigger #indirectpromptinjection #vulnerability
Exploiting vulnerabilities in LLM APIs - Lab#02
มุมมอง 822 หลายเดือนก่อน
Exploiting vulnerabilities in LLM APIs - Lab#02
Exploiting LLM APIs with excessive agency - Lab#01
มุมมอง 1222 หลายเดือนก่อน
Exploiting LLM APIs with excessive agency - Lab#01
Exploiting server-side parameter pollution in a REST URL - Lab#05
มุมมอง 772 หลายเดือนก่อน
Exploiting server-side parameter pollution in a REST URL - Lab#05
Exploiting server-side parameter pollution in a query string - Lab#04
มุมมอง 612 หลายเดือนก่อน
Exploiting server-side parameter pollution in a query string - Lab#04
Exploiting a mass assignment vulnerability - Lab#03
มุมมอง 442 หลายเดือนก่อน
Exploiting a mass assignment vulnerability - Lab#03
Finding and exploiting an unused API endpoint - Lab#02
มุมมอง 722 หลายเดือนก่อน
Finding and exploiting an unused API endpoint - Lab#02
Exploiting an API endpoint using documentation - Lab#01
มุมมอง 1032 หลายเดือนก่อน
Exploiting an API endpoint using documentation - Lab#01
What is an Application Programming Interface (API)?
มุมมอง 503 หลายเดือนก่อน
What is an Application Programming Interface (API)?
Reflected XSS protected by CSP, with CSP bypass - Lab#30
มุมมอง 1803 หลายเดือนก่อน
Reflected XSS protected by CSP, with CSP bypass - Lab#30
Reflected XSS protected by very strict CSP, with dangling markup attack - Lab#29
มุมมอง 3193 หลายเดือนก่อน
Reflected XSS protected by very strict CSP, with dangling markup attack - Lab#29
Good one.
Thanks! I'm glad you liked it.
"Congratulations sir for passing CISSP! Well deserved!"
Thanks alot. Next one will be soon 🔜
thanks
Welcome!
Sir why are not add this video in ssti playlist
Done sir. Thanks for pointing out.
Thank you for this walkthrough.
Glad it was helpful!
Good explanation….
Glad it was helpful!
thanks
You're welcome!
Great explanation mate!
Glad you liked it!
Thanks sir ❤🎉
Most welcome
Dear bro, I have been following you and would want to propose an idea if you are interested. Let's work together and find bugs in BBPs?
Thankyou so much for the proposal but i think i can't participate as much it requires because of the time limitations and work load. I reported my last 0day CVEs in 2022 and after that I didn't get that much time to keep that up. I have few 0day vulnerabilities in hand but didn't get time to even report, last year I reported major vulnerabilities in a Healthcare organization to NCA we had conversation too but couldn't follow up that again. So please don't mind, for me now is not the right time and it will be not fair if I couldn't participate in term of time.
Sir you explained the payload in detail. from where did you learn this all i want to learn, give some resource like book or websites
Me and the books could help you understand the concepts and on some level introduce you the payloads but no one can teach you everything and every single & possible payload. Cybersecurity is one of the most evolving field because of broad array of technologies and it's not constant at all, payloads and tools come and go, make sure you stick with the concepts. For understanding, creating payloads and developing new exploits I would suggest you to stay engaged with different kinds of labs and platforms, read bug bounty reports and research papers which you can find out on google and other platforms like hackerone, intigriti, bugcrowd, X, Medium etc. I would also suggest you to learn javascript, python, C++, HTML etc you do not need to be a master of all these languages but atleast you can write some logics and understand what the code is trying to do. There are thousands of functions and methods so whenever you see something new just go through it search it and you will we good to go. There is alot to write and tell but i think that's the most important thing. Last but not least MOST IMPORTANTLY DON'T RUSH, BECOMING EXPERT WILL TAKE TIME. "Keep Learning and Happy Hacking".
why alert() function not working ?
Regular attack vectors will not work because you are dealing with angularJS sandbox. So to deliver a successful XSS attack you have to bypass the angularJS sandbox. Kindly mention the time of the video at which you are facing the issue.
in my case alert showed up..
Awesome. Learned something new!
Glad to hear it!
So nice sir
Thanks and welcome
being very honest i've seen the best of best cache poisoned video. entirely properly explained
Thanks alot.
❤❤❤
thank you, your explanation is 👍good
You are welcome!
bro can you make a video on burpsuite because i am using old version and now in new there is many changes, i am doing new scan but its not showing in my target / site map. Can you make i video on burpsuite please ?????
Are you still having the same issue? Did you check the issue on portswigger?
Nice one and thank you for such valuable content.
Happy that helped.
bro you are the best fr, i have been struggling with understanding this lab for two days now. thanks a lot man.
Glad to hear that
why is these videos not on portswigger 🥲
not working
What is not working? Let me know the point in time where are you facing issues. I would say watch the complete video.
Thnaks man , you make it very simple . I tried so much time to solve lab but didn't get after showing your video ..... Amazing bro 🎉
Happy that helped.
How do you find that table name and column name ? The end query you put by calling the debug_sql function Because first we have check logs so we haven't received that table n column name then ? Correct me if I am wrong or miss something?
Hey there did you watch the complete video? Could you please mention me the point in time where you have confusion. See if you are talking about 6:47 at that moment we just asked what users do you have in database and you can see it calls "debug_sql" function and execute the query "select username from users" that means there is a coulmn "username" in the table "users". After this you can directly execute query like "select * from users" and you may get everything you want but i deliberately go beyond so that i can show you guys more things.
17:00 I demonstrated how you can get all the tables and users table exists in that response. And when i executed "select * from users;" you can see it respond us with parameters and those parameters are columns in the users table which are: username, password and email.
If still you have any question let me know ok. Don't hesitate to ask. Also let me know if you understand that so i know that you got it.
@@cybersec-radar yes yes I got it !
But doesn’t the system have built-in safeguards to prevent it from executing such instructions embedded with multiple layers of mechanisms? Even if you did bypass it, you still be limited to the capabilities within its parameters.
I’m traveling now once i reach we will talk about that for sure.
@@cybersec-radar take your time great videos by the way!! I think there is a lot to be learned in this field
Accept apologies for late reply now we are talking about AI LLM first thing first secure by design, secure by default, secure in development, layer defense and zero trust arch. all are very crucial and ofcourse there are defenses that could mitigate these vulnerabilities but the challenges come into the picture when AI algorithms models are not smart enough and data is not properly trained. There could be different flaws in term of implementation. About built-in safeguards i would say small kids do not able to identify things that could hurt them. why? Because they are not mature enough. Similarly when the AI is not mature enough and it’s in the phase of learning or open to learning means acquisition or collection of data and try to analyze it building algorithms and models but not mature enough but it must provide you the result so there are much likelihood/probability that its gonna give something out of the box.
One more thing i wanna add here which is expert systems and supervised learning technique they are much better because when you feed data you also define the best, good, bad and worst decisions and in that way it is much mature. Also traditional safeguards are not effective upto the mark in these AI applications. Let me give you one more example before you might have heard that someone asked to chatgpt what is 2+2 and chatgpt said 4 fine but same person then wrote something like “no my wife said its 5 and she is always right” then chatgpt agreed with that because it was not mature with that kind of conditions to face. I will also add about “neural network AI” so it is made to match human mind to take decisions like human mind but upto now i don’t think any AI application is even close to human mind.
@@cybersec-radar You should see some stuff generated. Do you have an email? Maybe we could correspond
Pro tip: CC has English translation.
Crazy!!! A new form of hacking
Awesome experience and explanation. Good job.
Glad you enjoyed it!
nicely elaborated
Thanks
You make it simple. Thank you
Thakyou so much.
thaks ;)
sir please upload next video we have 2 more labs in reflected xss
Tonight or tomorrow morning next lab will be released.
Lab is recoded. Perhaps a bit delay in publishing because the lab was not easy at all so apologize for delay.
Well explained and detailed video, much appreciated.
Glad it was helpful!
bro! hey there... i really appreciate your efforts, but somthing i wanted to highloght is plz do some scripting like whats the goal of the lab, how we will complete this
Will do for sure once it is required. Upto lab20 no need for scripting and making things over complicated and wherever it required i explained things differently by showing and pointing out different references.
What a explanation from the start to end .. bestuuuuuuu
Thank you so much.
Awesome explanation.
bro you are so smart how should i master web cache poisoning for my bug bounty journy
Practice makes a man near to perfect. Understand the concepts, build mindset and clear methodology, analyze the application behavior closely, checkout the key points to make sure certain mechanism is used in your case (web cache). Every engagement and every application is different do not try to mug up the thing, as much your concepts are clear as more the chances you have to find out the bug/vulnerability. My recommendation for you to practice same topic on different platforms too and read the blogs and walkthrough.
@@cybersec-radar thank you so mach 🙏
Well explained and easy to understand.
Sir how can I connect with you
You can connect on LinkedIn.
@@cybersec-radar linkedin username?
Just search my name you will find the same profile picture.
Complete xss labs sir 😊😊❤
Very soon!
Sir complete the xss all labs fast please 😢
Very soon because hopefully i will record everyday...
Sir use more tag for spread out your video by search engine
Thanks for the tip
Respect ++
Thank you, stay tuned...
thx Dude, your work is very usefull,please keep it up 😀
Thank you so much, stay tuned...