This is extremely helpful! I am not really familiar enough with js, but i really wanted to understand this lab, and it would be so bad without your explanation. Thank you million times!
Thank you so much for this video, everysince I found your channel you have been my savior to understand some of the experts labs. So really thank you so muchh!!!!!!
Thank you! There is one thing that I would like explained. When you pass in the correct query param to solve the lab, and you look at the HTML of the returned response, it does not look like the code passed in the query string was successfully injected. e.g. you do not see an actual single quote to close the value of the body property in the fetch payload. Instead, you see an encoded single quote, which is not valid javascript. I guess the browser decodes the javascript url before executing it, but I do wonder about that.
I could see the reflection point in the source.... that's it then I am here.......THANKS for the video..,...I still couldn't understand why the tostring and window are required in our payload...
The main reason we have to use window and toString is in order to execute our function. We can't execute a function directly using function scopes () because they are blocked by the page.
Nice one I have 1 question and one comment , the question is that how the xss happens when the url is encoded and the payload is also encoded ,and the comment is that it's not the parameter that is vulnerable but the url being reflected in the page
This is extremely helpful! I am not really familiar enough with js, but i really wanted to understand this lab, and it would be so bad without your explanation. Thank you million times!
JUST ABSOLUTE CRAZY EXPLAINATION! SUPER SIMPLIFIED!!!
Best Explanation Ever !!! Really Crazy and very simple to understand and I wish you the very Best !!!
Really well done course! Thanks for your content!
Dude, This is really great, You are clearly explaining with custom code, thank you
Really amazing and detailed explanation! Thank you!
Thank you so much for this video, everysince I found your channel you have been my savior to understand some of the experts labs. So really thank you so muchh!!!!!!
Absolutely splendid explanation, thank you so much
BEAUTIFULLY explained, thank you very much!
Thanks a lot! detailed and clear, satisfactory indeed.
Ultimate Explanation
the best one to explain it
keep going
Thank you for that video!
Wow! You are the best!
This is so useful thank you
perfect explanation keep going
Thank you very much for the video.
Thank you! There is one thing that I would like explained. When you pass in the correct query param to solve the lab, and you look at the HTML of the returned response, it does not look like the code passed in the query string was successfully injected. e.g. you do not see an actual single quote to close the value of the body property in the fetch payload. Instead, you see an encoded single quote, which is not valid javascript.
I guess the browser decodes the javascript url before executing it, but I do wonder about that.
have the same question
the payload in this case will go into href ,which means a url ; and encoding in this case is ok
thanks for this explanation.
I could see the reflection point in the source.... that's it then I am here.......THANKS for the video..,...I still couldn't understand why the tostring and window are required in our payload...
The main reason we have to use window and toString is in order to execute our function. We can't execute a function directly using function scopes () because they are blocked by the page.
@@z3nsh3ll Got it!
thanks for sharing this information.
you are the best man
Thanks for this great explaination♥
I have a question, how does the javascript worked while the equal signs are encoded?
Great video! 🎉
does the fetch function unicode the url body automaticly ?
Nice one I have 1 question and one comment , the question is that how the xss happens when the url is encoded and the payload is also encoded ,and the comment is that it's not the parameter that is vulnerable but the url being reflected in the page
A response for my self the payload in this case will go into href which means a url and encoding in this case is ok
Thanks a lot for this
thanks for this video
great man thanks
brilliant
awesome. great
Dope