Finding Your Next Bug: Blind Cross Site Scripting (XSS) & XSS Hunter

preview_player
Показать описание
You asked for it and it's here! This is the first episode in the Finding Your Next Bug series and we're talking about blind XSS. With everyone looking for XSS bugs, WAF bypasses being even more complex and developers wising up blind XSS can be a neat way to find bugs that others don't. This type of stored XSS is awesome for hunting XSS in places you don't expect, logs, admin control panels, repair panels, etc. In this video we go from 0 knwoledge of blind xss, to a demo showing how it works. We also go over how to use XSS hunter and what it does. Finally we talk about some of the cool and some of the mundane blind XSS bugs that others have found.

Finally we talk about some of the cool and some of the mundane blind XSS bugs that others have found.
Further Reading:

Case Studies:
  1. InsiderPhD
  2. cross site scripting
  3. xss attack
  4. xss tutorial
  5. finding your first bug
  6. insider phd
Рекомендации по теме
Finding Your Next 0:22:11

Finding Your Next Bug: Blind Cross Site Scripting (XSS) & XSS Hunter

I’m blind it 0:00:21

I’m blind it wasn’t me! #shorts

Blind SQL Injection 0:11:39

Blind SQL Injection Made Easy

Defending your Blinds 0:03:50

Defending your Blinds

Blindness is a 0:00:30

Blindness is a Spectrum and not all or nothing #blind #vision #misconceptions #awareness

Miracle Doctor Saves 0:00:59

Miracle Doctor Saves Blind Girl ❤️

XSS BUG BOUNTY 0:06:13

XSS BUG BOUNTY #5: FINDING BLIND XSS IN WEB APPLICATION

Making of Toca 0:01:00

Making of Toca Boca Blind bag was never so easy! My Toca Boca Squishy! #blindbag |#shorts |#tocaboca

How Blind People 0:00:54

How Blind People Can Echolocate 🤯🐬

I Bought an 0:23:51

I Bought an Abandoned Storage Unit BLIND! Was it a Big Mistake?

Blind Dog Gets 0:00:13

Blind Dog Gets SO Excited After Finding Ball!

Poker Blinds | 0:01:34

Poker Blinds | Poker Tutorials

Stored, Blind, Reflected 0:29:07

Stored, Blind, Reflected and DOM - Everything Cross--Site Scripting (XSS)

I Paid $1,000 0:10:22

I Paid $1,000 on loose a blind NES, SNES, N64 box of games

Watch Now!! Finding 0:00:15

Watch Now!! Finding my siblings blind folded !!! ✨ #notenoughnelsons #nenfam #siblings #viraldance...

When to DEFEND 0:14:44

When to DEFEND Your BIG BLIND In Poker!

Why are We 0:01:00

Why are We Blind to Africa? #23

This Video Will 0:08:02

This Video Will Make You BLIND For 6 Seconds..

Chike sings ‘Roses’ 0:02:05

Chike sings ‘Roses’ / Blind Auditions / The Voice Nigeria

Girl Finds Out 0:29:43

Girl Finds Out LONG DISTANCE BOYFRIEND IS BLIND | Dhar Mann Studios

The Blind Side 0:02:30

The Blind Side (2009) Official Trailer - Sandra Bullock, Tim McGraw Movie HD

Blind bag #tonniartandcraft 0:00:59

Blind bag #tonniartandcraft #love #art #craft #youtube #youtubeshorts #diy

Blind Spots - 0:05:34

Blind Spots - Part 1 - What Are Blind Spots?

Stevie McCrorie performs 0:01:56

Stevie McCrorie performs ‘All I Want’ - The Voice UK 2015: Blind Auditions 1 – BBC One

Комментарии
Автор

Video is pretty good. Everytime I needed motivation to continue in bug hunting, your channel notification comes up. Please continue your amazing work.

velurubharath
Автор

I really forgot to sub last time. Error corrected, great stuff Katie! Looking forward for more :)

StefanRows
Автор

XSS Hunter no longer accepting sign ups :(

darkyolks
Автор

Love the videos you explain everything so well! any plans on making a video about XXE in the near future?

nebdar
Автор

I always feel smooth when you share your computer screen. Is it me or Is it to everybody?

ajith
Автор

Hi. I just started viewing the video. Will comment once it is over. :)

velurubharath
Автор

31% I think it's 21.8% at 3:31 if I am not wrong

tsrisanath
Автор

Kida dumb question
If one injects xss payload into http header what would be the impact
Will it work

TheBashir
Автор

Can we upload SHELL via XSS ? Or similar vulnerabilities exploitation methods like LFI, RFI, RCE to "upload SHELL" in web server directory to gain root access ? 🤔 . If yes, then please do educate us because I submitted many XSS popup vulnerability reports to HackerOne BugCrowd Integrity but all were rejected due to missing SERIOUS IMPACT. Hope to hear from you soon. Thanks 🤝 ❤💚💙✌💯👍

Free.Education
Автор

Very nice work! Next could you go in deep with this? for example, where each xss hunter's payloads works? or which can we use depending scenario? Regards!

lukaslokillo
Автор

Weird, 2021 the screenshot API is not working anymore. Yours too?

TheZakMan
Автор

Hey Katie ! Your explanation is better when you make long videos like for 40-50 min. It will help if you make that type of content more! thank you!

aayushkawathekar
Автор

19:00 isn't that LocalTapiloa? in the report??

chetah
Автор

Hello pro. It is perfect. Please share slide :))))

hanoi
Автор

<script>alert('botah of wotah')</script>

ordigen_brc
Автор

i love your tuts but please my eyes is fucked due this white background

expert