
Covering The Under Rated Vulnerabilities: CORS Misconfiguration #1 

BePractical

In this video, I’ll walk you through CORS misconfiguration and why it matters. We’ll start with a simple introduction to what CORS (Cross-Origin Resource Sharing) is and how it works. Then, I'll show you a real-life demo of how attackers can use CORS misconfigurations to access data they shouldn’t be able to. Finally, I’ll share easy tips on how to fix these issues and keep your apps safe. This video is perfect for anyone who wants to learn about CORS vulnerabilities and how to protect against them. Let’s make your web apps more secure together!
PoC Link: drive.google.c...
Website: bepractical.tech
Telegram: telegram.me/be...
Previous Video: • Bug Bounty: Content Di...
The Art Of Web Reconnaissance:
www.udemy.com/...
Hacking Windows with Python from Scratch: www.udemy.com/...
The Ultimate Guide to Hunt Account Takeover:
www.udemy.com/...

Published: 17 Sep 2024

Comments: 19
@MianHizb 9 days ago
4:10 there is no such thing as request 2 3, it's not websockets, it's HTTP stateless, preflight requests don't occur here, if you can correct that, it will be great, it only happens in non-common HTTP methods like DELETE, still that is something else. Cheers
@AttackerShihab 10 days ago
Hey make portswigger all labs complete video.
@bugstester9919 5 days ago
which user's cookie is sent by poc.html code, even though there is session_id:admin was the cookie session of the user, which user is deleted by this code of poc
@jawathossainrian 9 days ago
Really a Great Educational Material Openly Available
@jawathossainrian 9 days ago
Bro can u use RU-vid transcript to add subtitles to your video? Automated subtitles are really a pain
@akhilreddy9753 10 days ago
What if it is in the forget password endpoint. I can send the request through CORS. Is it valid or informative
@BePracticalTech 10 days ago
Informative. You need to find an endpoint that is handling something sensitive. For example: An endpoint that can fetch users, edit profile, delete user etc
@om3726 10 days ago
Hi Bro/sis please make videos on High Severity bugs P1,P2,P3 Starting from easy to find & understand to complex
@ZaraRashidKhan 10 days ago
Thank you for sharing
@BePracticalTech 10 days ago
Glad you liked it!
@nedurunaveen0417 10 days ago
Thanks broo
@pawankandu914 10 days ago
Sir, can you please share your no. of experience in bug bounty
@BePracticalTech 10 days ago
@pawankandu914 I started bug bounty in 2020
@Mr.3cho 10 days ago
I want to be your student to learn bug bounty guruji😅
@BePracticalTech 10 days ago
I am glad to hear this! We will be planning something soon for this one!
@pratyushkashyyy 10 days ago
Heyyy
@BePracticalTech 10 days ago
Heyy
@SecureByBhavesh 10 days ago
First !!!!!
@BePracticalTech 10 days ago
Thanks for the support Bhavesh!