$XX,000 Airbnb impossible XSS with 4 bypasses

แชร์
ฝัง
  • เผยแพร่เมื่อ 25 ม.ค. 2025

ความคิดเห็น • 84

  • @BugBountyReportsExplained
    @BugBountyReportsExplained  3 ปีที่แล้ว +5

    Welcome to the comment section!
    First, thanks for watching!
    Make sure you are subscribed if you liked the video!
    th-cam.com/users/BugBountyReportsExplained
    Follow me on twitter:
    twitter.com/gregxsunday
    ✉️ Sign up for the mailing list ✉️
    mailing.bugbountyexplained.com/
    ☕️ Support my channel ☕️
    www.buymeacoffee.com/bountyexplained
    🖥 Get $100 in credits for Digital Ocean 🖥
    m.do.co/c/cc700f81d215

  • @VM-mo9ku
    @VM-mo9ku 4 ปีที่แล้ว +10

    Respect for the explainer and researchers!

  • @lifeenjoy.
    @lifeenjoy. 4 ปีที่แล้ว +7

    What a great explanation. Subscribed already..
    Thank you for sharing.

  • @codewithrehan3496
    @codewithrehan3496 3 ปีที่แล้ว +3

    All videos of this channel are awesome and very informative

  • @arjunpeter9614
    @arjunpeter9614 4 ปีที่แล้ว +3

    Awesome bro, nice explaination , even I stuck with waf bypass

  • @rajatdutta8365
    @rajatdutta8365 3 ปีที่แล้ว +1

    Very useful, good explanation. Plz post more

  • @cocplayers4459
    @cocplayers4459 4 ปีที่แล้ว +4

    Wow this 4 bypass was amazing even I never understand😉 simply super

  • @usha4220
    @usha4220 4 ปีที่แล้ว +1

    Once I found a xss in Google forms, in that I bypassed three filters....a waf and two CSP's

  • @FahadAlQallaf
    @FahadAlQallaf 4 ปีที่แล้ว

    your videos are always Awesome! keep it up

  • @sail6114
    @sail6114 4 ปีที่แล้ว +1

    Thanks for the explanation bro 👍

  • @alanprado22
    @alanprado22 2 ปีที่แล้ว

    What most surprised me is the fact of these guys remember action script and think about to use it to exploit the vulnerability

  • @dennismunyaka6537
    @dennismunyaka6537 3 ปีที่แล้ว +2

    xss seems like a vast ocean highly dependent on the individual program and its filters.

  • @nhlcreation4240
    @nhlcreation4240 4 ปีที่แล้ว +1

    Very informative, keep doing, continue, thanks

  • @yashwanthd1998
    @yashwanthd1998 4 ปีที่แล้ว +1

    Great video.Is 403 status always comes from the waf..so we would know waf is blocking us not the filters!?

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  4 ปีที่แล้ว +2

      Usually, you see at the first sight which response comes from WAF, as it usually has "Blocked by WAF" message or similar. In this case, the filter didn't cause 403 status, but it was standard 200 OK, but some parts from the user input were deleted.

  • @caffeinedoom
    @caffeinedoom 4 ปีที่แล้ว

    Keep with the good work up!

  • @jfBogart.
    @jfBogart. 4 ปีที่แล้ว

    Bro i cant find the browser extension that u use at min 7:14. Its available for firefox? Could u tell me the extension name?
    P. D: Thanks for your videos, u are so good!

  • @moviestime4792
    @moviestime4792 2 ปีที่แล้ว +1

    John cina?

  • @Sam-oo7vo
    @Sam-oo7vo ปีที่แล้ว

    Could you please make a video on web pentesting using devtools

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  ปีที่แล้ว

      I described a part of my Devtools workflow in "BYPASSING CLIENT-SIDE XSS FILTERS" that's in BBRE Premium archive ;)

  • @heydanny-Dhanesh
    @heydanny-Dhanesh 4 ปีที่แล้ว +1

    Great job buddy :)

  • @ahronmoshe2406
    @ahronmoshe2406 2 ปีที่แล้ว

    How to bypass html encoding? do a video on that

  • @Personalaccountgusti
    @Personalaccountgusti 4 ปีที่แล้ว

    Cool! So we can bypas waf w/ various payload, but how about x-xss-protection=1 can we bypass it?

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  4 ปีที่แล้ว

      it's meaningless now. Is was there only for browser xss filter like chrome auditor. Auditor is no longer in modern versions of chrome.

    • @Personalaccountgusti
      @Personalaccountgusti 4 ปีที่แล้ว

      @@BugBountyReportsExplained if we look at burp suite, there's an option to replace the response header which is the xss protection right? how do you do the PoC since the burp option only aaffect our browser. is that even make sense?

    • @alessandro.solano
      @alessandro.solano 4 ปีที่แล้ว

      Great video, thanks for outlining all the steps! Am I wrong or html encoding HTML special characters on the waf or application side would have been enough to prevent the exploit?

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  4 ปีที่แล้ว

      you should make poc without any match&replace rules in burp so your POC is representative of a real attack

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  4 ปีที่แล้ว +1

      @Alessandro you not wrong, HTML encoding is simple, yet unbypassable way of mitigating XSS attacks

  • @sebastiankreutz3252
    @sebastiankreutz3252 3 ปีที่แล้ว

    Can someone explain to me how a hacker uses this scenario to do something malecious in the end? It showed an alert so would it have been possible to also inject some other code which does other things? Thank you

    • @yakushitamahacka4199
      @yakushitamahacka4199 3 ปีที่แล้ว +4

      Showing an alert box is an indicator that attacker was able to run javascript. Of course, alert is not malicious but being able to run javascript is. by running javascript, you can do a ton of things (basically everything that the frontend application would do) and some common techniques are to send the "victim's" cookie to an attacker, extract other information from the application and send it to the attackers, etc. xss is a client-side attack meaning that all those attacks are done towards another user by sending a malicious link to the "victim" if we are talking about a reflected xss or mass-targeting a lot of users that visit a specific page when we are talking about stored xss. the sky is the limit if your application suffers from xss.

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  3 ปีที่แล้ว

      As Yakushi responded, you can do whatever the victim can do on an attacked website and read all data that the victim can read.

  • @mahfu847
    @mahfu847 2 ปีที่แล้ว

    Do share Poc video

  • @gkhck
    @gkhck 4 ปีที่แล้ว

    Thank you!

  • @shanitiwari1664
    @shanitiwari1664 4 ปีที่แล้ว

    Which of the extension you are using in browser

  • @rohitagent
    @rohitagent 4 ปีที่แล้ว

    Legendary exploit, legendary explanation

  • @nasrullahmurad8773
    @nasrullahmurad8773 4 ปีที่แล้ว

    Please tell me what programming languages to learn to be an ethical hacker or pentester

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  4 ปีที่แล้ว

      i'd go for:
      1) python or other scripting language where you will be able to write some scripts if you need
      2) write some web applications to understand the developer side of things
      3) some knowledge about bash or equivalent

  • @RaceForMoney
    @RaceForMoney 4 ปีที่แล้ว

    Great! Awesome!

  • @amrshaglouf5429
    @amrshaglouf5429 4 ปีที่แล้ว

    thank you

  • @mersalmakers1577
    @mersalmakers1577 4 ปีที่แล้ว

    Superb

  • @ethiobusiness3013
    @ethiobusiness3013 3 ปีที่แล้ว

    Sir work in demo Please 🙏🙏🙏🙏

  • @DEADCODE_
    @DEADCODE_ 2 ปีที่แล้ว

    Sorry but what's your country it's looks like Russia or Algeria

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  2 ปีที่แล้ว

      Poland

    • @DEADCODE_
      @DEADCODE_ 2 ปีที่แล้ว

      @@BugBountyReportsExplained ok bro cool

    • @Rogerson112
      @Rogerson112 4 หลายเดือนก่อน

      @@BugBountyReportsExplained tego sie nie spodziewałem. Pracujesz jako pentester na etacie czy zajmujesz się profesjonalnie bug bounty?

  • @prashantaroy3750
    @prashantaroy3750 4 ปีที่แล้ว +1

    How can someone became a Pro bug hunter ?
    Why very few bug hunter are successful in a long run ?
    What can be done , what should be learning continuously to stay ahead?

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  4 ปีที่แล้ว

      well, that is a good question, but you should ask profession bounty hunters. I'm mainly a pentester and that's why I understand all this stuff, but Im not really actively doing bug bounties since I've started the YT channel.

    • @prashantaroy3750
      @prashantaroy3750 4 ปีที่แล้ว

      @Oliver
      Yes ,
      But how ?
      What is the Right pathway ?

  • @tymekl1509
    @tymekl1509 4 ปีที่แล้ว

    "That gets triggered"
    Yea, it propably got really angry, maybe even triggered...
    _bottomtext_
    TRIGGERED

  • @cyberpirate007
    @cyberpirate007 4 ปีที่แล้ว

    Cool !!!!

  • @AlexSmith-jj9ul
    @AlexSmith-jj9ul 4 ปีที่แล้ว +2

    Love the accent btw

  • @codewithrehan3496
    @codewithrehan3496 3 ปีที่แล้ว

    At least add English subtitles for all videos

  • @ca7986
    @ca7986 4 ปีที่แล้ว

    ❤️

  • @patrickslomian7423
    @patrickslomian7423 4 ปีที่แล้ว

    Pozdro :) !

  • @hamza6869
    @hamza6869 4 ปีที่แล้ว

    Mission Impossible 😄

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  4 ปีที่แล้ว +2

      it definately looked like the end. That's what I like about this report the most!