"i hope you learn something valuable...". This is absolutely valuable, I have been trying to find how dangerous XSS is, but never get satisfied answer except this one. Thanks loi!
WEll i see it now but i just got this computer and i hate that its been hacked i did not know cause all the redirects etc. and identity theft i keep seeing fimiliars names as well including goat
I'm brand new to IT and was reading about open web app projects and came across the word Cross Site Scripting. Your explanation and demonstration was so clear, concise and yeah, scary! Thank you. I'll be studying your content for sure!
Really liked ur video sir, where most of the videos creators focus on the theory and unnecessary content, Ur content is very very good it actually gives practical knowledge and that too with very good explanation. Really appreciate ur work 🙇🙇
Wow, I knew a little about XSS but I didn't had the creativity to think that this kind could be made with this technique! Thank you so much for the presentation!
FIRST TIME I WATCHED THIS I WAS NO IDEA WHAT I'M WATCHING I DON'T UNDERSTAND ANYTHING BUT NOW FOR MONTHS STUDYING JAVASCRIPT AND DOM MANIPULATION I CAN NOW EASILY UNDERSTAND EVERYTHING, THE MORE I DIVE INTO TECH THE MORE MY PERSPECTIVE CHANGES ABOUT INTERNET
Thank you so much. I'm a web developer and this info is a gold. You explained this in such way that anybody can understand the great risk. This is scary how easy it is to hack the site if it is not protected against these attacks.
@@oldnews4160 I think quite easy for developers. Just don't use innerHTML for user content, just innerText. As soon as you as a user realise a website has this vulnerability, you can either check by inspecting or contact the website owners.
@@oldnews4160 im a bit late, but to prevent xss, a little security can go a long way. Obviously there are a lot of advanced security techniques, but simple things like input restriction (like preventing the input of '') or output encoding (where things like '
Man this was awesome 🤩 being a CEH guy I was still not able to understand how to perform XSS in proper way but this one video cleared my all concept ❤ u deserve millions of likes and views
You got another subscriber. You explain and show the process so much better than Hack the Box. I’m currently slogging thru the Linux Fundamentals course and it is hard.
Nice job. Next question is, this seems like an easy task to fix. What else should one do to protect yourself and what is the current state of XSS protection and danger?
So I was thinking: if you are going to look side ways, maybe you don't need a head cam when we see the work on the screen. Thanks for the video, very informative
Wow you earned a sub and a ton of respect. You're fast, to the point, highly information-dense.. perfect level of difficulty for me. So happy the algorithm brought me here. Keep it up boss!
What an awesome video! I’m glad I came across your videos, I have one real nooby question though… If this SQL stuff is so easy to put into websites, what do banks, shopping or government websites use to protect themselves from these attacks?
The problem is you can only realistically get better by practice and diverse practice against differing targets is likely against the law unless you have a job in pentesting. It’s all fun and games until the authorities knock on your door.
Nowadays all web frameworks come with really innovative input sanitization techniques which make XSS attacks absolutely useless. Any tricks to bypass these would be cool
@@harshthechampful problem is you have to have a good idea of what kind of framework the code is coz reactJS when deployed is still the old vanilla JS which makes it difficult sometimes to know if its react, angular , vue or something else. And also there is quite a bit of abundance of 3rd party libraries to bump up the sanitisation game note that the browser you use also prevents some mailicious features making XSS difficult and added to that SQL has come a far way now to the point you cant trick it all that easy.
im a frontend developer, looking for a video how dangerous xss is, because i know nothing at all about how it will impact our data. hope to see a video how to prevent it as a developer from you because i love to see how you explain informations
Learning about Cyber security after the CS2 XSS exploit that was reported yesterday I want to hear your opinion on that! It's actually making me really anxious
You remind me of the guy from (youtube) PBS Space Time (but a non English version of him). :) Great tutorial. Always nice to see how these attacks are done so I can make my website and APPS more bullet proof. :)
Yeah the XSS he covers is rather basic. Its DOM and Mutation XSS that we seen in modern applications. Unless a site is made manually without a framework or by a fool who doesn't know what they're doing, these standard input injection attacks wont be found in enterprise applications.
Thank you for the detailed explanation. Can someone answer the question; does this kind of ethical hacking of your own site or apps allow some better capabilities for development? I want to understand if this is helpful for developers to not get locked out or to better monitor traffic?
"i hope you learn something valuable...". This is absolutely valuable,
I have been trying to find how dangerous XSS is, but never get satisfied answer except this one. Thanks loi!
practical example, instead of theoretical which we see many site...
Damn, this is gold
Please can I have your telegram username I need to speak to you please if I may
@@oluwaseunmicheal1571 speaking about what bro ? :v
WEll i see it now but i just got this computer and i hate that its been hacked i did not know cause all the redirects etc. and identity theft i keep seeing fimiliars names as well including goat
Dude you deserve way more views. Straight to the essential, clear, understandable. You won a new follower !
Dude, I’ve been studying cyber for over two years. This is amazing. The first time I can actually see this in action. Thank you!
I'm brand new to IT and was reading about open web app projects and came across the word Cross Site Scripting. Your explanation and demonstration was so clear, concise and yeah, scary! Thank you. I'll be studying your content for sure!
I've tried many times to understand what is really happening with XSS and this was the best way it has ever been explained to me
This channel is gold. All I can say.
goldmine
School FOR ROBBERS AND CRIMINALS ???
24 carat
yes the owner of this channel is an ultimate hacker
Best demonstration of XSS that I have ever seen - thank you
This is awesome... If someone is in hurry of preparing for the interview.. get this..
Really liked ur video sir, where most of the videos creators focus on the theory and unnecessary content, Ur content is very very good it actually gives practical knowledge and that too with very good explanation. Really appreciate ur work 🙇🙇
thank you man, now I can start my career with you here in TH-cam even before I go to university
Wow, I knew a little about XSS but I didn't had the creativity to think that this kind could be made with this technique! Thank you so much for the presentation!
FIRST TIME I WATCHED THIS I WAS NO IDEA WHAT I'M WATCHING I DON'T UNDERSTAND ANYTHING BUT NOW FOR MONTHS STUDYING JAVASCRIPT AND DOM MANIPULATION I CAN NOW EASILY UNDERSTAND EVERYTHING, THE MORE I DIVE INTO TECH THE MORE MY PERSPECTIVE CHANGES ABOUT INTERNET
Thank you so much. I'm a web developer and this info is a gold. You explained this in such way that anybody can understand the great risk. This is scary how easy it is to hack the site if it is not protected against these attacks.
How difficult is it to disable/prevent xss?
@@oldnews4160 I think quite easy for developers. Just don't use innerHTML for user content, just innerText.
As soon as you as a user realise a website has this vulnerability, you can either check by inspecting or contact the website owners.
@@oldnews4160 im a bit late, but to prevent xss, a little security can go a long way. Obviously there are a lot of advanced security techniques, but simple things like input restriction (like preventing the input of '') or output encoding (where things like '
You're a legend. Straight to the point and you spoke quickly with no filler.
just been assigned to a security project dealing with XSS, and your video is really helpful and valuablr . a big thumb up bro
Now I know how those infected sites have been hijacked before to host a phishing site, great demo!
I found great tutorial on XSS after several year, :) Thanks for sharing it so intuitively.
Man this was awesome 🤩 being a CEH guy I was still not able to understand how to perform XSS in proper way but this one video cleared my all concept ❤ u deserve millions of likes and views
I have never been more confident about my cyber security career after watching this channel. You’re a gem. Thank you.
Extremely well done, found your video looking up what XXS was because i wanted to see how dangerous the CS2 exploit is. Thanks for the great info.
Amazing video.
Went through various articles and demos explaining XSS but this one is by far the best one
Loi you are the best! I love that you acutally shows us how XSS works rather than just explain it in pretty words :) Thank you so much!
You got another subscriber. You explain and show the process so much better than Hack the Box. I’m currently slogging thru the Linux Fundamentals course and it is hard.
" i hope you learnt something valuable "
Is that a question sir ..
Your channel is a diamond thank you so much
This has been the best explanation of what a XSS is. Thank you!
I am a career shifter and my current work is related to cybersecurity, and thank you for this
Clear and concise explanation and demonstration. Couldn't ask for better.
thank you just ran into a NoScript detected a potential Cross-Site Scripting attack wow this is helpful
instant subscribe worthy. clear explanation, clear voice, valuable content
Wow, this is insane. Ngl I'm a little freaked out by this. Great information as always. Thanks 🤟👍
This guy doesn't spend 30 minutes speaking bullshit and only 2 minutes showing the real thing. I'm a fan
Ugh I hate all these spam hacker comments on every infosec video. Thank you for the content. Beautifully explained like always.
on the process of getting my CompTIA. I was a little confused on this topic but wow. It really is scary. thank you for the video!
Thanks for the explanation. Now I can easily differentiate XSS attack from a Cors attack.
Nice job. Next question is, this seems like an easy task to fix. What else should one do to protect yourself and what is the current state of XSS protection and danger?
The best Chanel for learning ethical hacking
So I was thinking: if you are going to look side ways, maybe you don't need a head cam when we see the work on the screen. Thanks for the video, very informative
I know that XSS is dangerous, but I never realised it can be this dangerous. +1 sub.
Wow you earned a sub and a ton of respect. You're fast, to the point, highly information-dense.. perfect level of difficulty for me. So happy the algorithm brought me here. Keep it up boss!
The guy is incredible. I really enjoyed it. And it's really scary at the same time
clear, concise and to the point explanation. Just amazing!
Game over..... Great info . Most useful channel 4 ethical hacking learning 👍👍👍👍👍
This made my day! Thanks for the great explain the process and where to find them to test and prevent
Terrific content! Learning so many new techniques.
Amazing content Mr.Yang. Highly resourceful 👍
Thank you so much for letting me know how dangerous stored xss is .
Excellent introduction on this topic ! Audio quality is great as well, keep it up :)
Thank you, you teach very well even if i already know most of things thats you show, you make them more understandable.
I'm a very beginner, but I'm interested in cyber security.... And it's pretty scary to see how easy it is to get your informations...
Perfect timing! I was actually testing it a few days ago!
PS: I didn't expect your password to be 12345678 :P
What?
@@idontwantausername7398 probs the password on beef
Hi Loi! Great video! Could you please make a video about your desktop setup or what you look for in laptops that are tailored for penetration testing?
Wow I love your episodes.......Guys let's get to 1million subscribers
Well explained. Just subscribed after watching your video for the first time.
I needed an example outside of the classroom's Vector Image with some script inside of it. I could see how thats easy to fall for
Invaluable information. Many thanks Loi!
Instant sub after the 1st video, good job explaining and the demonstration helps so much 👍
Awesome video, as always. One suggestion though, could you post the links in the description? Thanks :)
What an awesome video! I’m glad I came across your videos, I have one real nooby question though…
If this SQL stuff is so easy to put into websites, what do banks, shopping or government websites use to protect themselves from these attacks?
Your explanation is very clear and easy to understand
The problem is you can only realistically get better by practice and diverse practice against differing targets is likely against the law unless you have a job in pentesting.
It’s all fun and games until the authorities knock on your door.
wow amazing video, Im studying cyber security and knowing this its very useful! I'm subscribing!
Please start ... complete hacking course 🙏❤
Good demonstration of XSS using a feedback form
All of us know we don't learn hack to hack our own system😂😂😂
Nowadays all web frameworks come with really innovative input sanitization techniques which make XSS attacks absolutely useless. Any tricks to bypass these would be cool
Yes, I love angular ❤️
Does it depend on the way the component is scripted at all? Like the framework handles all the sanitization and there is no chance of XSS?
@@harshthechampful problem is you have to have a good idea of what kind of framework the code is coz reactJS when deployed is still the old vanilla JS which makes it difficult sometimes to know if its react, angular , vue or something else. And also there is quite a bit of abundance of 3rd party libraries to bump up the sanitisation game note that the browser you use also prevents some mailicious features making XSS difficult and added to that SQL has come a far way now to the point you cant trick it all that easy.
My best teacher
i suprised that subscribe button is highlighted when you mentioned it
What a valuable resource, so clear and easy to understand, thanks
The only channel I watch when learning hacking:)
i always watch full ads video in your channel sir
so that you will bring more videos for free to us without any cost
thanks
im a frontend developer, looking for a video how dangerous xss is, because i know nothing at all about how it will impact our data. hope to see a video how to prevent it as a developer from you because i love to see how you explain informations
XSS = GAME OVER. Thank you for creating great content!
in fact i've learned something valuable, Thank you from Algeria.
Learning about Cyber security after the CS2 XSS exploit that was reported yesterday
I want to hear your opinion on that! It's actually making me really anxious
Just subbed, great content. Clear and concise
Thank you so much, you do a great job of explaining it this helps me with my college XSS lab.
Great Video, worth every second of watchtime.
Hello sir Loi Liang Yang, I learnt something new today 😀😀
Thank you ❤️❤️
You remind me of the guy from (youtube) PBS Space Time (but a non English version of him). :) Great tutorial. Always nice to see how these attacks are done so I can make my website and APPS more bullet proof. :)
The most dangerous ones are the ones who created these apps for hacking purposes but thanks for sharing this great video love it thumbs up for you!
Wooow!! You gain one more subscriber 🙏🏼🚀
Love the attitude of this guy. Don't waste time
Broooo, thank you for visualizing this concept!
I use your site to help make my website and APPS in development more secure. Thx :)
Very neat and clear . Thanks
This is total fun and amusement 🙂 Love your music Peace and Love from Sweden
You can prevent that in PHP using the strip_tags() function passing the input data into the function
Yeah the XSS he covers is rather basic. Its DOM and Mutation XSS that we seen in modern applications. Unless a site is made manually without a framework or by a fool who doesn't know what they're doing, these standard input injection attacks wont be found in enterprise applications.
@@bobbystotmisc I agree, is better to use frameworks while developing big or enterprise applications
Thank you for the detailed explanation. Can someone answer the question; does this kind of ethical hacking of your own site or apps allow some better capabilities for development?
I want to understand if this is helpful for developers to not get locked out or to better monitor traffic?
Loi Is Best teacher.
This channel is the G.O.A.T
alert("Eeeeeeeeeee");
//TH-cam can't be hacked that easily
Very Informative ! Thanks for such an amazing video ❤️
Thanks for the clean explanation!
This channel is always on top
Mobile hacking lectures !! plzzz ! BTW Love your Videos :
)
Dear Loi, just remember one thing, you are our hero....
Exceptionally explained. 🙏
Just subscribed, awesome stuff.
Yeah it's valuable, information is straight on point. Thanks👍🏽
This is impressive and scary at the same time.
what a great way to teach, thank you sir