Hacking Binance - Bug Bounty Hunting for Cross Site Scripting | Part 2

  • Published on 1 Feb 2025

Comments • 23

  • @Mlaynedere 5 months ago

    Excellent video! Can't wait for part 3!!!

    • @_The_hackers 5 months ago +1

      Really glad you enjoyed it, aiming to make Part 3 even better. Thanks so much @Mlaynedere.

  • @Anthony-43 5 months ago +1

    Looking forward to part 3

    • @_The_hackers 5 months ago

      Thanks, will be coming soon :)

  • @mmijakot several months ago +1

    Keep up the good work ...

    • @_The_hackers several months ago

      Thank you so much 💪💪

    • @mmijakot several months ago

      @_The_hackers Highly welcome, gentlemen ...

  • @bilaalmuhammad-ql1li 5 months ago +2

    Your topic says find XSS on Binance but you just look at a vulnerable web

    • @_The_hackers 5 months ago

      Thanks for the feedback! We did start by demonstrating XSS on a vulnerable web application to help explain the concept, but we also moved on to testing for XSS on Binance later in the video. We wanted to make sure everyone, including beginners, understood the basics before diving into real-world bug hunting. If you stick around for the whole video, you’ll see how we applied those techniques on Binance. More advanced content is definitely on the way, so stay tuned!

  • @Alex-vi6iz 5 months ago

    Nice video, but I have one question. Isn't it a little too basic trying a regular XSS payload in a field then moving on? Isn't it worth fuzzing with various payloads using intruder or XSStrike tool? I would assume most companies did the bare minimum to secure against a basic payload, but maybe a complex one may slip through.

    • @_The_hackers 5 months ago +1

      Hi, thanks for the question. You are correct, there are more advanced tools you can use for testing for injection attacks. We would like to turn this into a video series where we start off with the basics of these types of attacks. Which is why we also demonstrated on Juice Shop first. This is so that even beginners can have a shot at trying out basic techniques on bug bounties. We will definitely be using more advanced tools as we go along, there are some pros and cons of using XSStrike which we can go over in the next part. If there are any other tools or techniques you would like to see, let us know. It is greatly appreciated :)

    • @Alex-vi6iz 5 months ago

      @_The_hackers Ah, it makes sense then. It would be cool to weigh the pros and cons of XSStrike, intruder etc, looking forward to it!

  • @craigblackie2034 4 months ago

    Using dev tools to modify the client side code (as you did for the profile picture) isn't xss.

    • @_The_hackers 4 months ago

      You are right, it is not. This was done to see if it would be possible to get the img tag to error out, to see if the DOM was being manipulated. If it was, it would mean that XSS might be possible; however, it wasn't, so we moved on. But thanks a lot for the comment :)

  • @ck-in4ez 5 months ago +1

    Man, sometimes you need to encode it for it to work; if you write the cross-site scripting as plain text it will not work. Try more methods!

    • @_The_hackers 5 months ago

      Thanks for the tip! Yes, we’re aware that encoding can sometimes be necessary for XSS attacks to work. This was our first intro to bug bounty and XSS, so we wanted to keep it straightforward for beginners. We’ve got more complex videos in the pipeline that will dive deeper into these techniques. The video was already 35 minutes long, so we didn’t want to make it too lengthy, but stay tuned for more detailed content coming soon!

  • @hellobye9598-c4u 5 months ago

    Mannn, now I have to wait for part 3 🥲

    • @_The_hackers 5 months ago +1

      Hope not to disappoint, stay tuned :)