The Beginner's Guide to Blind XSS (Cross-Site Scripting)
ฝัง
- เผยแพร่เมื่อ 29 ก.ย. 2024
- 🚩Signup for Snyk's CTF 👉🏼 snyk.co/nahamsecctf
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
XSS Hunter:
github.com/man...
Trufflehog XSS Hunter
xsshunter.truf...
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
www.buymeacoff...
JOIN DISCORD:
discordapp.com...
🆓 🆓 🆓 $200 DigitalOcean Credit:
m.do.co/c/3236...
💬 Social Media
- / nahamsec
- / nahamsec
- twitch.com/nah...
- / nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
Please make more detail videos on XSS and payload creation
Loved the video, helped me so much to be honest. Plz keep up the step by steps they help a lot.
Wow , great information. ❤
At 17:57 how did the opening angle bracket of the payload not get encoded when the closing angle bracket before it did?
I think, it's kinda security mechanism which kept in place to avoid xss. So, whenever any closing tag appears, it encodes it. So that no full tag will appear...even If you use img, script tag, closing bracket alone will be encoded by making our payload doesn't work
Nice one!
Please Make this type of contents
Audio is always low why ?
I'm not seeing any issues. Can you tell me what you are watching this on?
@@NahamSec yup its always lower than other normal videos..
@@NahamSecvoice is good
make more content like this
Hiiie ben hope u doin well…love ya brother 🫡🤗🤗
❤️🥰
Can you help me?
This is really great to watch. I'm sure this will be beneficial for so many out there on the bugbounty path!! Looking forward for more videos like this. Cheers!!
Love this kind of video, please keep doing these videos where you go through your thought process step by step
Thank you! Will do!
wouldnt converting the POST in php to htmlspecialchars just cancel any xss attacks anyways ?
Excellent tutorial! As a newbie to this BB world, this is the kind of video I am looking for.
Hi Nahamsec, thanks for your priceless inforamtion. could u pls tell us what will we get if we join to the channel as well? is there any extra content?
Thanka for uploading this video really helpful ❤
Make video about how to setup xss hunter🙏
It's great that you record such materials, I haven't watched everything yet, but you do a great job!
Hey NahamSec, I am a beginner hunter , and just thought, why are you configuring routing in such way to handle any cases of BXSS triggering, if you could simply add # at the end lol , like
Please make a video on xss vulnerability covering the thought process to identify xss, injecting payload, thought process to bypassing waf on real site
Cfbr
Using xss_vibes,xsstrike tool to bypassing waf.
Yeah I second this please.
I’m a noob and keep making stupid syntax mistakes (amongst larger ones) would be really helpful if possible please mate
Please improve audio quality 🙏
Great video, presentation was excellent. I enjoy learning these techniques since I am new to the game. More videos like this is much appreciated.
kolato eshghe refiq❤
Love these beginner-centric videos.
I am still waiting for the JavaScript for hackers one :)
This is something new to my knowledge. thnx bro...///
Wow !!! great explanation about XSS........THANK YOU VERY MUCH BEN !!!
Great
A large WOW!
Excellent, really good stuff.
Please make more videos like this!
nice cap :D
Best one explain "how to hack". Thank you so much
Enjoy!!
thank you
Hello sir
Whare i get those website playing the xss,blind xss stored xss , csrf ,ssrf and so much more i playing the
Metasploitable but its old
Can you suggest the website 😢
Do you use any encodings here?
i watched your video..i had completed CEH and after CEH v11 can i go for CTF or need anything else ?
@nahamsec can you plz shr the custom script that you wrote (modification of the xsshunter script). It is nice and light weight.
Great Video! I take it you could do the same with SSRF by inputting a burp collab link within the tag and if it fires with HTTP / DNS responses it can be assumed that its executing. For this, could you use the Proof of Concept that Blind XSS would be present since the collaborator access link would be executed?
How easy is it to remove this xss script if it is planned to website without much management panel like linktree or heylink. Someone put it on mine and i don't know how to remove it
Useful Video as always. Hope to meet you someday at some LHE
🤞🏽🤞🏽🤞🏽
Hey, Thanks for these awesome contents :))پرچمت بالاس
🇮🇷
🇮🇷🇮🇷🇮🇷🇮🇷@@NahamSec
Wow. Lemme subscribe right now! Great explanation
Damn 50k a day. That is someone’s average annual income already
Please do more if this type of videos for us to get the practical understanding of bug bounty....
Hey @NahamSec great video as always. I you should also make a video for XSS hunder set-up. like how to host it on server etc.
I have a query that if I use trufflesecurity then can I customise it like your payload?
I can keep onclick=alert(1) ..so when ever click it pops up
Looking forward for live hacking stream by you !!!!
make a video on , what is your way to bypass filters, and get your payload work
sir I new to this field please guide me how to start from scratch 🙏
Does the program usually require you tell them where you injected the payload i.e like in the address field or additional comment box if so how do you keep track of that.
Which tool use for blind xss?
Truffles xsshunter is safe?
I saw in input area most of them is sanitzi based on html entity the any other option to bypass the sanitazi
Is it advisable to “spray and pray” the blind xss payload in headers?
i like your hat whats the arabi word meanings ?
what to do when the input field cuts off all signs
You are great دمت گرممم
Could we also use Burp Collab
No, burp collab doesn't allow you to serve JS. You need to either use a tool or create your own
@@NahamSecsir i have hostinger hosting but i don't know how to host this can you make a full video on hosting bxss
any good event with import for that input tag
Tehran on the hat =))
Make the audio louder please ☹️
This content for beginner🙄🙄
for input we can add attributes like (onload) e.g: '" onload="JS_here"/>
thanks naham
Thank U bro🎉🎉🎉🎉❤
More like this please! Great information.
Awesome
More...walkthrough. ❤️
beautiful stuff
Great video, more content like this please.
Thankyou Ben
Brilliant stuff!
First comment hehe
Almost!
I was first hihi😊😊
Hello, what is written on your hat and where did you buy it? It is very beautiful
I made it. It says Tehran
I liked what was written on your hat. I would like to ask a question: I create websites by purchasing a theme and modifying it. Do the topics take into account the issue of structured code from inputs such as sql, xss, etc.? If not, what should I do to make the client's site more secure? Greetings to you from Morocco
This is awesome! I like how you don't rehash the basics everyone is trying to teach.
Welcome to 20 years ago.
For 18:24, I'd guess using something like:
input type=image src=something.png onload=alert(1)
Or
input autofocus onfocus=alert(1)
Not sure those are right, but that's my guess.
autofocus onfocus should be the right answer, but it may need some playing around.
The CTF first challage is to manage to register and invite your friends
Could you make a video doing XSS against a WordPress web-site and show different ways one could learn how to exploit XSS in WordPress websites and plugins?
onmouseover could be best;