Welcome to the comment section! First, thanks for watching! Make sure you are subscribed if you liked the video! ru-vid.com Follow me on twitter: twitter.com/gregxsunday ✉️ Sign up for the mailing list ✉️ mailing.bugbountyexplained.com/ ☕️ Support my channel ☕️ www.buymeacoffee.com/bountyexplained 🖥 Get $100 in credits for Digital Ocean 🖥 m.do.co/c/cc700f81d215
Usually, you see at the first sight which response comes from WAF, as it usually has "Blocked by WAF" message or similar. In this case, the filter didn't cause 403 status, but it was standard 200 OK, but some parts from the user input were deleted.
Bro i cant find the browser extension that u use at min 7:14. Its available for firefox? Could u tell me the extension name? P. D: Thanks for your videos, u are so good!
@@BugBountyReportsExplained if we look at burp suite, there's an option to replace the response header which is the xss protection right? how do you do the PoC since the burp option only aaffect our browser. is that even make sense?
Great video, thanks for outlining all the steps! Am I wrong or html encoding HTML special characters on the waf or application side would have been enough to prevent the exploit?
How can someone became a Pro bug hunter ? Why very few bug hunter are successful in a long run ? What can be done , what should be learning continuously to stay ahead?
well, that is a good question, but you should ask profession bounty hunters. I'm mainly a pentester and that's why I understand all this stuff, but Im not really actively doing bug bounties since I've started the YT channel.
Can someone explain to me how a hacker uses this scenario to do something malecious in the end? It showed an alert so would it have been possible to also inject some other code which does other things? Thank you
Showing an alert box is an indicator that attacker was able to run javascript. Of course, alert is not malicious but being able to run javascript is. by running javascript, you can do a ton of things (basically everything that the frontend application would do) and some common techniques are to send the "victim's" cookie to an attacker, extract other information from the application and send it to the attackers, etc. xss is a client-side attack meaning that all those attacks are done towards another user by sending a malicious link to the "victim" if we are talking about a reflected xss or mass-targeting a lot of users that visit a specific page when we are talking about stored xss. the sky is the limit if your application suffers from xss.
i'd go for: 1) python or other scripting language where you will be able to write some scripts if you need 2) write some web applications to understand the developer side of things 3) some knowledge about bash or equivalent
