Every Type of XSS Attack, Explained

  • Published 3 Aug 2024
  • In this video I do a whirlwind tour of XSS, from stored to self. When you submit an XSS report you are often met with four vulnerability categories, but what is the difference anyway? What makes a finding stored or DOM-based, and what about blind XSS? In this video we cover them all. Next week we'll go in-depth into blind XSS!
    XSS Cheatsheet to help with WAFs - portswigger.net/web-security/...
    DOM XSS - portswigger.net/web-security/...
    More DOM XSS from OWASP owasp.org/www-community/attac...

Comments • 42

  • @johnphiri9418 4 years ago +4

    I don't know why but whenever you explain a concept I find it very easy to wrap my head around it :) Thanks for building my confidence in XSS !!!

    • @InsiderPhD 4 years ago +2

      Sometimes it helps to hear something you've read or watched explained in a different way to really understand it :)!

    • @johnphiri9418 4 years ago

      @@InsiderPhD Very True :)

  • @EandE-podcast 2 years ago

    I'm only 3 minutes into your video and I'm saying out loud this is exactly the type of content I've been looking for. Thank you for thoroughly explaining. "If you're looking at the login page, if you input XSS here, here and here, and it displays the message, then you have stored XSS."
    I've watched a lot of videos and not many recognize that beginners can't even put a name to a face, so when we are trying to convert knowledge into action, we are as lost as a colour-blind person trying to decipher colours.
    More videos like this please! SQLi, XXE, the gamut!

  • @hattieteachesCS 3 months ago +1

    Thank you for this 🥰

  • @user-my5ww6wv1j 6 months ago

    Thank you so much. This is so simple and complete.

  • @sw33d-jd1xm 5 months ago

    Thanks Katie! 👍

  • @techsavvyhero 1 year ago

    Excellent video! Well done

  • @najmussakib9327 2 years ago

    Thank you so much for explaining everything.

  • @happyeverafter1797 5 months ago

    Hi! I am following along Nahamsec's 5WP (5 Week Program). Found YOUR video (this video) listed under the 5WP Resources. :) PS. Glad to see/hear another woman in the bug hunting world! Thank you for sharing. (liking and subscribing) Tifkat

  • @sergiomazariego_ 4 years ago

    Awesome video!

  • @EM-do1yi 2 years ago

    Ty amazing explanation!

  • @ammaralsawai7724 6 months ago

    Thank you so much

  • @b3ast407 4 years ago +1

    Thank you ma'am!!

  • @bobmatley6138 3 years ago

    I LOVE your videos.

  • @shubham_srt 4 years ago

    Lots of love

  • @Trick_E_Lemonz 3 years ago

    Thank you 😍

  • @kmunikrishnareddy7471 3 years ago

    Finally found a bigger voice to help!!
    And a small query:
    Can I do XSS with just my Android mobile using Termux and Burp Suite inside it, or can I just search for bounty websites and test them directly with my mobile without Burp?

  • @knowledgeboxbd9625 4 years ago +4

    Thanks for this video. Please make a video about XSS source code analysis and the filter/WAF bypass tricks ✌

    • @InsiderPhD 4 years ago +5

      I'll definitely add this to the list :)

    • @suryaasurya2350 4 years ago

      Yeah, I am also looking for this: how to identify XSS in source code. Thanks in advance.

  • @FrenchPirate83 4 years ago +1

    Nice whirlwind tour of XSS, Katie. I really need to set some time aside to do those PortSwigger labs on DOM-based XSS!
    Two things:
    1. I would have liked to hear that reflected/stored, DOM-based/generic, and self/non-self are orthogonal, though. Although some combinations are more frequent than others, you can in theory encounter all eight of them.
    2. It would be worth mentioning that self XSS can be exploited (and rewarded!) if combined with a CSRF attack (used to install the XSS payload).

    • @InsiderPhD 4 years ago +3

      Very good points! I think you are right that my video was missing these. Especially the self XSS + CSRF which I actually covered in the CSRF video.

    • @FrenchPirate83 4 years ago

      @@InsiderPhD No problem. I love your video content; keep it coming. And stay safe!

  • @adtiyamuhammadakbar2711 4 years ago +5

    Finally... a loud voice :v thank you :)

  • @PabloSilva-ph6mk 4 years ago +7

    Question:
    Is it necessary to have great knowledge about pentesting to actually start bug hunting?
    I recently had a conversation with my friend and he does think so.

    • @InsiderPhD 4 years ago +6

      Definitely not. And to prove this I point to myself: I have never even taken a class in security and I can bug hunt. Does it help? For sure, especially if you decide you want a job in pen testing later. Determination and Google are all you need to get started.

    • @PabloSilva-ph6mk 4 years ago +2

      That friend of mine spent 5 years on a degree. Now he has bought 3 different pentesting courses (around 220 hours of courses) and tells me that those things will help him become a bug hunter... I think it may help a little, but not that much.

    • @InsiderPhD 4 years ago +12

      Education is always good, but worth nothing if you never DO anything with that big ol' brain 🧠!

    • @Dpower 3 years ago +1

      Hey! You have to read this one first, then do some reflection, because when you do something without at least superficial knowledge, you can get stuck with that and lose your motivation. Good luck man. medium.com/@ahmdhalabi/my-bug-bounty-journey-ranking-1st-in-u-s-dod-achieving-top-100-hackers-in-1-year-f208c10144fc

  • @vijiln 4 years ago +1

    Self XSS is XSS that executes in the context of the user who submits the payload; for example, any XSS within the user's own account which has no impact on other users. It does not necessarily have to be done via the dev console or by editing the HTML source.

    • @InsiderPhD 4 years ago +2

      If you can handcraft a payload to send to a user that will execute on their account, that's reflected XSS, not self XSS. Self XSS refers to any XSS that a user would have to type in themselves, where there's no way to craft a payload to do it.

  • @ziadsalim4733 3 years ago

    Hello Katie, do you use any tool for finding and testing XSS, or do you do everything manually?

    • @InsiderPhD 3 years ago +4

      I am very much a manual hunter; I think you're more likely to find bugs with a well-crafted payload than by spraying it out, but not everyone agrees with me :)

  • @sumsumcity841 11 months ago

    Hey, I found an XSS vulnerability on a website of a bug bounty program where you can inject everything in an input field because nothing is filtered. So you can use all characters (, etc). It is then stored in their database and the script is always executed when I see my username or email or first name (depending on what I edit). In my opinion a typical XSS attack, but the bug bounty platform rejected it because they say it is a "self" XSS. In my opinion it is not "self" XSS because this script is saved in their database and executed for every user who sees my credentials. It also does not need a social engineering attack to execute this script. Am I wrong in this case, and is it really a self XSS, and can you explain why?

    • @agusten7 11 months ago

      Did you check that another person can execute the XSS you put in? Maybe it is a self XSS, or they scammed you.

    • @sumsumcity841 11 months ago

      @@agusten7 Thank you for the answer. They replied that they were mistaken and it is a stored XSS, but I do not get a bounty because I cannot view the name or email of another person and therefore it is only theoretical (unless I social engineered an admin or a worker of the company). It's a bit annoying because they don't check the input of an input field at all, but I cannot exploit it in a way that gets me a bounty.

    • @InsiderPhD 11 months ago

      Unfortunately this is the correct answer: if only the victim sees the XSS then you can't do anything to their account, since you'd need to convince the victim to paste the payload in and then view the XSS. Saying that, I would put a blind XSS in there and actually ask support for help; maybe it will fire on the admin control panel.

    • @sumsumcity841 11 months ago

      @@InsiderPhD Yes, but asking support for help, which then triggers the XSS, is social engineering on this bug bounty program :-/
      But did I understand correctly that if I were able to change the username like this and other users are able to see the username on my profile, that it is a stored XSS (I could prove it with a second account and show that on the second account the XSS is executed when I look at the profile of the first account)? Or is my understanding of stored XSS wrong?
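To make the distinctions in this thread concrete, here is an added example (not from the video or from any commenter) in JavaScript: a toy profile app with an invented settings page that only its owner can open, a public profile page, and a search page that echoes its query. Every name in it (profiles, pages, mallory, alice, PAYLOAD) is made up for illustration. It runs the "second account" check described above against each page, and also separates the two axes FrenchPirate83 raised earlier: where the payload comes from (persisted in the database vs carried in the request) and whether the sink encodes its output.

```javascript
// Added example, not code from the video or its comments. All names are invented.

// The tag we want to see land in someone's browser unescaped.
const INJECTED_TAG = '<img src=x onerror=alert(1)>';
// A payload that first closes a double-quoted attribute, then injects the tag,
// so it works both inside <input value="..."> and inside an element body.
const PAYLOAD = '">' + INJECTED_TAG;

// Encode the five HTML-significant characters so untrusted text is inert in
// an element body or in a double-quoted attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Fake database: username -> display name. Persisting the value across
// requests is what makes an injection here "stored" rather than "reflected".
const profiles = new Map();
function setDisplayName(user, name) {
  profiles.set(user, name);
}

// Server-rendered pages. `viewer` is the logged-in account making the request,
// `owner` is whose data is shown, `query` is a value from the request itself.
const pages = {
  // Settings page: served only to the account it belongs to, so a payload
  // stored here renders for nobody but the person who typed it (self XSS).
  settingsVulnerable(viewer, owner) {
    if (viewer !== owner) return null; // 403 for everyone else
    return `<input name="displayName" value="${profiles.get(owner)}">`;
  },
  // Public profile: any viewer gets the owner's stored name (stored XSS).
  profileVulnerable(viewer, owner) {
    return `<h1>${profiles.get(owner)}</h1>`;
  },
  // Same page with output encoding: the value is still stored, but inert.
  profileSafe(viewer, owner) {
    return `<h1>${escapeHtml(profiles.get(owner))}</h1>`;
  },
  // Reflected: the value comes from this request, not from the database.
  searchVulnerable(viewer, query) {
    return `<p>Results for ${query}</p>`;
  },
  searchSafe(viewer, query) {
    return `<p>Results for ${escapeHtml(query)}</p>`;
  },
};

// The "second account" check: the attacker stores the payload, then the page
// is rendered for a different user and inspected for the raw tag.
// True means the stored injection reaches other users' browsers.
function firesForOtherUsers(page, attacker, victim) {
  setDisplayName(attacker, PAYLOAD);
  const html = pages[page](victim, attacker);
  return html !== null && html.includes(INJECTED_TAG);
}

// Same payload, rendered only for the account that stored it.
function firesForSelf(page, attacker) {
  setDisplayName(attacker, PAYLOAD);
  const html = pages[page](attacker, attacker);
  return html !== null && html.includes(INJECTED_TAG);
}

// Reflected sink: nothing is stored; the payload rides in the request the
// victim is tricked into sending.
function reflectedFires(page, victim) {
  return pages[page](victim, PAYLOAD).includes(INJECTED_TAG);
}

console.log('settings, other user (self XSS):  ', firesForOtherUsers('settingsVulnerable', 'mallory', 'alice'));
console.log('settings, same user:               ', firesForSelf('settingsVulnerable', 'mallory'));
console.log('profile, other user (stored XSS):  ', firesForOtherUsers('profileVulnerable', 'mallory', 'alice'));
console.log('profile, escaped:                  ', firesForOtherUsers('profileSafe', 'mallory', 'alice'));
console.log('search (reflected XSS):            ', reflectedFires('searchVulnerable', 'alice'));
console.log('search, escaped:                   ', reflectedFires('searchSafe', 'alice'));
```

The settings page fires for mallory alone, which is the "self XSS" outcome the platform first claimed; the profile page fires for alice, which is the stored case the commenter wanted to prove with a second account. Escaping at the sink changes the result on both axes without touching what is stored, which is why the fix for stored and reflected XSS is the same output encoding, and why the bounty question turns on who can reach the page, not on whether the value was persisted.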

  • @CoryResilient 3 years ago

    What about Authenticated Cross Site Scripting 🤔 and Unauthenticated Cross Site Scripting?