Fantastic video. Highly informative!
What platform would you suggest for learning bug bounty?
I suggest picking a program first and then the platform
Great video! Do you compile the spreadsheet data manually during your research (13:30) or do you automate with some scripting/scraping?
Thanks!
I start off with reports from PentesterLand, then I add a Google webscrape from Hackerone and then I add a few more reports from my memory/Pocket/etc.
Every website would be vulnerable since you are injecting the script into the console yourself. This is not valid.
just found you. veeerrry interesting channel. as someone who learns by watching a massive amount of poc videos on one topic, i like how you take the analysis deeper. finally a channel that doesn't have the redundant "how to hack" videos.
Love your vids. The other day I was messing around with a page and found an html injection, I was wondering if there was a way to escalate it to an XSS if the "=" sign is sanitized and leads me to a 403 Forbidden. Thanks!
This video is Diamond. Awesome mate, very well explained. Gonna sign up with BBRE soon.
LOVE YOUR VIDEOS
I know HTML. Currently learning JavaScript. Then I'll put my hands on PortSwigger labs, starting from XSS, then IDOR, then business logic bugs.
*My Questions are:*
should I watch your channel from oldest or newest or most popular?
should I continue with the approach I wrote above?
I think XSS is actually quite a complex bug class to start with. I'd rather go with access control, IDORs, business logic etc. And yes, the PortSwigger lab is the resource to go to.
I think watch my channel from newest
is one of the shortest XSS payloads, maybe that's why they are used more often
good point!
Is there any way to bypass = blacklisted?
Svg runs fine and even creates its structure in the code base, but the script tag and = are blocked on a URL I'm testing with.
@anonymousx_x3842 are you sure you are URL-encoding the = in the URL? If yes, then I'm not aware of a bypass.
From my experience on the clients I pentest, the img tag is better; 95% of the time svg doesn't work when img does.
Maybe try a javascript:alert(1)
Can you share the template... No need for the database
Thanks!
Not 'E'mg tag but 'I'mg tag 😶🌫
true, I was reading it more in polish than in english
😂 exactly, I too was scratching my head over the payload which starts with Emg. Later I followed his track
This video contains product placement :)
I didn't notice 🙄
Hello brother, I am also doing bug bounty but not getting any success
Correct me if I am wrong. Can we get XSS on 404 pages?
Thanks for the video =)
I love you bro ❤
This is Gold man 💥
Can you help me
Awesome analysis!!
i love you bro 🥰😍🤑
Can you give this cheat sheet in a pinned comment?
I linked it in the description ;)
Can you share about the BB automation!
Yes, but I'd have to invite someone for that because I don't do any automation
@BugBountyReportsExplained thanks, waiting :)
Is there a step-by-step on how to do bug bounty for each report?
hm?
@BugBountyReportsExplained Excuse me, what do you mean? I mean when I subscribed, is there... what do I mean?
@Al-rt3ec Bro, he's questioning your question, it doesn't make sense
Can you share the notion list
I guess it's available for premium BBRE users
Exactly, the database is available in BBRE Premium
Would be interested in using this info as a ML training set
Better to use than the quoted one
Good point actually