The Beginner's Guide to Blind XSS (Cross-Site Scripting)

Please make more detail videos on XSS and payload creation

Loved the video, helped me so much to be honest. Plz keep up the step by steps they help a lot.

Wow , great information. ❤

At 17:57 how did the opening angle bracket of the payload not get encoded when the closing angle bracket before it did?

Nice one!

Please Make this type of contents

Audio is always low why ?

make more content like this

Hiiie ben hope u doin well…love ya brother 🫡🤗🤗

Can you help me?

This is really great to watch. I'm sure this will be beneficial for so many out there on the bugbounty path!! Looking forward for more videos like this. Cheers!!

Love this kind of video, please keep doing these videos where you go through your thought process step by step

wouldnt converting the POST in php to htmlspecialchars just cancel any xss attacks anyways ?

Excellent tutorial! As a newbie to this BB world, this is the kind of video I am looking for.

Hi Nahamsec, thanks for your priceless inforamtion. could u pls tell us what will we get if we join to the channel as well? is there any extra content?

Thanka for uploading this video really helpful ❤

Make video about how to setup xss hunter🙏

It's great that you record such materials, I haven't watched everything yet, but you do a great job!

Hey NahamSec, I am a beginner hunter , and just thought, why are you configuring routing in such way to handle any cases of BXSS triggering, if you could simply add # at the end lol , like

Please make a video on xss vulnerability covering the thought process to identify xss, injecting payload, thought process to bypassing waf on real site

Please improve audio quality 🙏

Great video, presentation was excellent. I enjoy learning these techniques since I am new to the game. More videos like this is much appreciated.

kolato eshghe refiq❤

Love these beginner-centric videos.
I am still waiting for the JavaScript for hackers one :)

This is something new to my knowledge. thnx bro...///

Wow !!! great explanation about XSS........THANK YOU VERY MUCH BEN !!!

Great

A large WOW!

Excellent, really good stuff.
Please make more videos like this!

nice cap :D

Best one explain "how to hack". Thank you so much

thank you

Hello sir
Whare i get those website playing the xss,blind xss stored xss , csrf ,ssrf and so much more i playing the
Metasploitable but its old
Can you suggest the website 😢

Do you use any encodings here?

i watched your video..i had completed CEH and after CEH v11 can i go for CTF or need anything else ?

@nahamsec can you plz shr the custom script that you wrote (modification of the xsshunter script). It is nice and light weight.

Great Video! I take it you could do the same with SSRF by inputting a burp collab link within the tag and if it fires with HTTP / DNS responses it can be assumed that its executing. For this, could you use the Proof of Concept that Blind XSS would be present since the collaborator access link would be executed?

How easy is it to remove this xss script if it is planned to website without much management panel like linktree or heylink. Someone put it on mine and i don't know how to remove it

Useful Video as always. Hope to meet you someday at some LHE

Hey, Thanks for these awesome contents :))پرچمت بالاس

Wow. Lemme subscribe right now! Great explanation

Damn 50k a day. That is someone’s average annual income already

Please do more if this type of videos for us to get the practical understanding of bug bounty....

Hey @NahamSec great video as always. I you should also make a video for XSS hunder set-up. like how to host it on server etc.

I have a query that if I use trufflesecurity then can I customise it like your payload?

I can keep onclick=alert(1) ..so when ever click it pops up

Looking forward for live hacking stream by you !!!!

make a video on , what is your way to bypass filters, and get your payload work

sir I new to this field please guide me how to start from scratch 🙏

Does the program usually require you tell them where you injected the payload i.e like in the address field or additional comment box if so how do you keep track of that.

Which tool use for blind xss?
Truffles xsshunter is safe?

I saw in input area most of them is sanitzi based on html entity the any other option to bypass the sanitazi

Is it advisable to “spray and pray” the blind xss payload in headers?

i like your hat whats the arabi word meanings ?

what to do when the input field cuts off all signs

You are great دمت گرممم

Could we also use Burp Collab

any good event with import for that input tag

Tehran on the hat =))

Make the audio louder please ☹️

This content for beginner🙄🙄

for input we can add attributes like (onload) e.g: '" onload="JS_here"/>

thanks naham

Thank U bro🎉🎉🎉🎉❤

More like this please! Great information.

Awesome

More...walkthrough. ❤️

beautiful stuff

Great video, more content like this please.

Thankyou Ben

Brilliant stuff!

First comment hehe

Hello, what is written on your hat and where did you buy it? It is very beautiful

I liked what was written on your hat. I would like to ask a question: I create websites by purchasing a theme and modifying it. Do the topics take into account the issue of structured code from inputs such as sql, xss, etc.? If not, what should I do to make the client's site more secure? Greetings to you from Morocco

This is awesome! I like how you don't rehash the basics everyone is trying to teach.

Welcome to 20 years ago.

For 18:24, I'd guess using something like:
input type=image src=something.png onload=alert(1)
Or
input autofocus onfocus=alert(1)
Not sure those are right, but that's my guess.

The CTF first challage is to manage to register and invite your friends

Could you make a video doing XSS against a WordPress web-site and show different ways one could learn how to exploit XSS in WordPress websites and plugins?

onmouseover could be best;