1:30 That moment when the FBI enters your house for attempting to do an XSS 😂 Thanks for your videos, man. They are really helping me in my last year of university for the cyberattacks subject. I'm in the last year of the computer engineering degree at university. Greetings from Spain.
In the medium part, the URL passed should be 127.0.0.1/dvwa/vulnerabilities/xss_d/?default=English. In the video there are no double inverted commas when passing the value to the onerror attribute, so please correct it, whoever is stuck there.
Hey! I'm following your walkthroughs and learning how to hack. In your first try, when you couldn't get the alert to show up, it was because of double quotes: ". After the first quote, you have to do a single quote inside alert(' '), otherwise it will close early. We can also use backticks and ES6 fetch for sending the data back to our server without redirecting the user.
Hey, good question, which I should really have explained better in the video 😮 I just tested this again now: if you don't break out of the statement then the payload is inside the "value" of an tag and the characters become URL encoded, so they don't execute when reflected on the page. When you get a chance you can try both ways again and use F12 (devtools) inspector and Ctrl + F to find your alert(0) and see the difference between the two payloads. I wish I would have done this in the video, apologies 😳