Watch how Hackers deface websites...


In this video, I demonstrate how hackers deface websites with Stored Cross-Site Scripting (XSS). Stored cross-site scripting arises when an application receives data from an untrusted source, stores it, and includes that data within its later HTTP responses in an unsafe way.
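The stored XSS pattern described above, as an added example that is not taken from the video or from the app it uses. It shows the same stored record rendered unsafely and with output encoding, plus a response header and a cleanup scan a defender would add. All function names and sample records are constructed for illustration.

```javascript
// Added example; names and sample data are constructed for illustration.
const store = []; // stands in for the application's database

function saveComment(author, body) {
  store.push({ author, body }); // kept exactly as received from the untrusted source
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Unsafe: stored data is concatenated into every later response as markup.
function renderUnsafe() {
  return store.map((c) => `<li><b>${c.author}</b>: ${c.body}</li>`).join('');
}

// Safe: the same data is HTML-encoded at output time, so it is shown as text.
function renderSafe() {
  return store
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join('');
}

// Defence in depth: without 'unsafe-inline', inline scripts do not run, and
// script files from other origins are refused.
function securityHeaders() {
  return {
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
  };
}

// Cleanup aid: list stored records that contain active markup. This is a
// heuristic for triage, not a filter to rely on instead of output encoding.
function findSuspectRecords() {
  const markup = /<\s*\/?\s*(script|iframe|img|svg|object|embed)\b|\bon\w+\s*=|javascript:/i;
  return store.filter((c) => markup.test(c.author) || markup.test(c.body));
}

// Constructed sample records.
saveComment('alice', 'Great product!');
saveComment('mallory', "<script>alert('XSS Attack!');</script>");
```

Because the payload lives in the data store, fixing the template alone leaves it in place; the scan identifies the records to review and remove.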

If you don't know what defacing is, it simply means maliciously changing the content of a website so that any user who visits it sees the content put there by the hacker instead of the actual website.

The website that I used in this video is an open source web application that is deliberately built to contain numerous vulnerabilities. I made some minor modifications to the app to help me perform my demonstration.

DISCLAIMER: This video is intended only for educational purposes. The experiments in this video are performed in a controlled lab setup and not on a live target. The content is purely from a penetration testing perspective. I do not condone or encourage any illegal activities.

To set up this vulnerable app on your computer, install Docker and execute these commands:
1. Pull the image from Docker Hub:
docker pull tejaswaroop156/juice_shop_mod
2. Start the app:
docker run -d -p 3000:3000 tejaswaroop156/juice_shop_mod

Thanks for watching!
SUBSCRIBE for more videos!
Comments

man your videos are so clear and the music is just mwah

mnageh-bomm

Hello buddy, can you make a full course on website defacement please

leyashu

Full video on this with full explanation

ttgyanofficial

1. I don't think this changes every part of the website, just the URL that is linked to this user. I might be wrong here, but that's how I interpreted this. Especially if the server re-renders things on requests (say, with a templating engine), I don't see how this could pollute any code outside of this user's link.

2. The initial payload needs to be hosted, but once it has done its job, depending on whether the website backend re-renders the page on request or not, it might not need to be continuously hosted. However, on most modern sites it will most likely still be re-rendered, so you will have to continuously host the script.js somewhere.

Now, what's the point of this? Say you have a site where someone can donate to you via your user page. You can have a part of your bio replace the donate button to link to your own site - and then card stealing that way. (Literally the 101 example of XSS)

opposite

Bro, these changes are only seen by us when we log in with our credentials. How do these changes become permanent for other users also?

arthatattvam

Hi
How to install WordPress in a subdirectory in AWS?

girivasan

How does the Fing block system work, as it doesn't access your router admin panel?

Arian-Ices

imagine if YouTube had this problem
going into some video and there's some "HACKED!!!" page

quelnan

Super Videos ...., Our Website Ship ticket booking ...but someone is ...blocked and booked all tickets ..then ....Pay a person with extra money...

How to block him from my PC?

I injected some JS to ...automate ....name, password fill...but ..next button clicking not possible ....a captcha code occurs..how to disable ...the captcha verification...

If I can't get a ticket ..I am struck at Kerala...

I want to go to My Island 🏝️😢.

I am asking you for this because ...I need to go fast and take my ticket ..before the hacker is doing it ...can you please help ....

sayyidnaeemulhaquemayankak

Just a question, did you just download a picture off the web, change it to hacker.png and basically add that into your JS file with the HTML script?

phillydee

Can I use social media by creating accounts on them while being anonymous?

hqwmgiyujcg

How to host a file on the target website where we left the XSS payload... that is where the defacement takes place...

krivadnaaiservices

So after injecting the payload, how does a website get rid of the code? Because in real-world scenarios this can cause a lot of damage.

saleemahmed

Wow, you're really intelligent and full of knowledge

xXxMAKARVxXx

I'm learning hacking, can you tell me what the best pro hacking groups are? I want to join

hqwmgiyujcg

Video on how to find someones phone number, address, email, password, ip address in the first place

hqwmgiyujcg

Good video, need more ways to hack website... (For learning purposes)

ra.njan_kr

<script>alert('XSS Attack!');</script>

TommyDoan_

I want to make a script for a game, brother, I want to earn money. Tell me brother, will you help me?

jokerhackr

How to hack social media companies and power my social media account so that no one cant block me and my post get popular and on top

hqwmgiyujcg