Cross-Site Scripting (XSS) Explained And Demonstrated!

Подписаться 1,1 млн

Просмотров 112 тыс.

50% 1

// Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
// Courses //
Full Ethical Hacking Course: www.udemy.com/course/full-web...
Full Web Ethical Hacking Course: www.udemy.com/course/full-web...
Full Mobile Hacking Course: www.udemy.com/course/full-mob...
// Books //
Kali Linux Hacking: amzn.to/3IUXaJv
Linux Basics for Hackers: amzn.to/3EzRPV6
The Ultimate Kali Linux Book: amzn.to/3m7cutD
// Social Links //
Website: www.loiliangyang.com
Facebook: / loiliangyang
Instagram: / loiliangyang
LinkedIn: / loiliangyang
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.

Наука

Опубликовано:

23 янв 2022

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 140

@WenboZhou 2 года назад

With knowing know it works, the importance of sanitizing user input is obvious. Great tutorial!

@maxselom839 Год назад

How get free internet Access in windows do vidéo?

@True0Hustle 2 года назад

This was such a great example of how XSS gets implemented. Great example, Love you all your content. Keep up the great work :)

@iShallEatChips 2 года назад

Crazy that I just posted about this on another video you did, and then today I see this video made by you. Epic. Thanks for making this.

@ClashWithHuzefa 2 года назад

Relaxing, simple and good videos as always. no complaints

@sneibarg 2 года назад

I like that you refer to yourself as "Script Kiddie Loi." As a former script kiddie of the late 90s, that resonates with me.

@Sam-fh1ez 2 года назад

Another great video, perfect explanations. This is what we need!

@michaelobando8560 2 года назад

I would like to know what is "Broken Access Control" from OWASP TOP list. What is that vulnerability? Can you explain that vulnerability in a video please?

@daudameen1916 2 года назад

Broken access control is where the developers of the website believe that users will not act maliciously towards a website for example a developer may believe that a user will use the website just the way it is intended to however a hacker would manipulate access control methods to gain unauthorised access a common type of exploit for broken access control is when a hacker adapts parameters of a url to gain access to an admin account.

@rom1463 2 года назад

Perfect I was watching Xss and I was ready to tap xss tutorial then loi is there nice !

@leonplis9926 2 года назад

this is the best video you've uploaded until now by far. there isn't too much tutorials about XSS on youtube

@BesenTV 2 года назад

I love it when you say: "That's it. It's GAME OVER!" lol

@aaronbaldwin4900 Год назад

I love your channel. Succinct and straight to the point with good examples

@FlyNewss 2 года назад

Sir can you make a video on how to do web exploration from beginning to advance please sir ??

@ultron7461 2 года назад

always awesome vdos. thanks for that. sir. 😊

@rai8855 2 года назад

Ohhhh waited for this one

@saft2529 2 года назад

finally xss tutorial(really want to learn xss scripts)

@JL-ud6xx 2 года назад

Good demo on how to perform xss practically!

@GameReality 2 года назад

Absolutely amazing :D Love this ........ :)

@sindhuja.dindigala7598 2 года назад

That hat suits you perfectly sir. Great content:)

@themistoclesnelson2163 2 года назад

Great video!

@abdulrazzaq5577 Год назад

Well explained Well done👍

@Monkeyindatrees 2 года назад

would you please share the code you are using to try your demos out myself? Could be a cool thing

@ArSiddharth 2 года назад

Nice video sir | I'm Big fan from india ❤️

@Potter_3810 2 года назад

all what you do is amazing as hacking I think you should a video on how installing software on a USB or hard disk just like in films

@pushpakvuppalapati868 2 года назад

Hey Liang !!! great follower of your videos. Love from India.. Can you please do a tutorial on DOM XSS.

@abdullahshune5150 2 года назад

that what am looking for am glad my teacher is HE :)

@rahultiwari.95 2 года назад

great video dude

@Skaxarrat Год назад

Stellar explanation

@dareenoch6880 2 года назад

The endpoint has to be vulnerable to open redirect to perform a cross site scripting

@dareenoch6880 2 года назад

A reflected xss*

@racapadexxa_ 2 года назад

And there's a flag you can put on Cookie's (who's name I don't remember now) than disallows document.cookies access to certain cookies

@mrawesome5286 2 года назад

Love you hacker loi ❣️❣️❣️❣️❣️❣️❣️ loving your sessions 🦋

@soniatix 2 года назад

Perfect ! Thanks !

@technofire4899 2 года назад

Ur video to much help full 😌🥺🥺

@asgaraliyev8740 2 года назад

thank you

@michealsichilongo 2 года назад

Awesome 👍👍

@nirajsalunkhe5532 2 года назад

Thank you sir😀

@EmreLism 2 года назад

Most of the Frameworks are XSS safe. Is there any next level xss?

@infinitybrutal 2 года назад

Let's Go With One More Toutorial

@arghya10000 2 года назад

You are a genius

@husinhmada7618 2 года назад

Please make a video explaining the write exploiting vulnerabilities and port

@rukyp Год назад

very naice, i laike.. 🙂

@ShubhamPawde 2 года назад

Love u loi for such ur content

@ricardogabrieldavid4688 Год назад

Thanks a lot

@jail8011 2 года назад

You should do a full ethical hacking course

@_bite_meals 2 года назад

Hey I am 1st to like 😁

@CyberSecForce 2 года назад

Super 👌

@mestanislao857 2 года назад

Thank you..

@FrogInALog_ 9 месяцев назад

me when I alert(1)

@team_narsimha 2 года назад

Loi your all time best hacker

@darkerh4ck3r61 2 года назад

You are my idol

@Thousif_talks 2 года назад

Hello Sir, can you please Make an vedio on advanced android and windows hacking

@mytube7473 7 месяцев назад

Nice, BUT its not clear in your video which of those burp attacks worked ?? I know you showed how to put it into the browser manually, but that would be just as slow as trying them all manually. Does burp indicate which worked?

@unknownanonymous6247 2 года назад

Sir pls upload a video on how to setup a proxy chains

@isabellalobo2577 2 года назад

Would it this apply to a website landing page link as well? I have clicked in a landing page link and it was a scam. Could my computer be hacked ? How do I fix it?

@leblanc666666 2 года назад

definitely interested in DOM-XSS, that stuff always makes my nose bleed :P

@dapakers 2 года назад

sir can u help us caprture scammer here at my place.weve already filed a police complaint yesterday.. but they cant do nothing.coz here at province theirs no such thing as cybersecurity agancy..

@tatsugaya3548 2 года назад

Yeahhhh i'm there !!!

@andy_SgS 2 года назад

What software does he use to enhance his microphone?

@abdullahshune5150 2 года назад

Teacher I have A Idea For Your Next Class Is About SQLite3 Database Thank You it would help me 100%

@arefabdollahi5649 2 года назад

shuch a wow ,I LOVE YOUUUUUUUU LOI ,you are the best

@1uk416 2 года назад

Yeaaa boi

@breakermarwan Год назад

where can I try this steps for practicing ?

@coleXao 9 месяцев назад

You demonstrated it on this hackaton page...so suposedly these parameters that you type on the url would work on any other site?

@play-good 2 года назад

Thanks broo

@fonte1184 2 года назад

Please what OS do I need to get started

@Stew02847 2 года назад

thanks sir Loi

@fgclue 2 года назад

nice

@bradcage7345 2 года назад

Please make a video on call spoofing

@aruyoshin8103 2 года назад

Can we upload php shell using this vulnerability?

@nusn43 2 года назад

Mantap

@singing_dev 2 года назад

Thank you so much for this video Hacker Loi, I'm a huge fan 💙

@user-oy5ij3oy4r Год назад

from where i can get the file xss.txt ? ? thank you !

@boss-pk4qk 2 года назад

What about getting into car systems

@lolamax25 2 года назад

does it work against secured web sites?

@bauyrzhanmustafa4334 9 месяцев назад

Is that method similar to CSRF or what?

@akashbharti8748 2 года назад

Gm from unkown

@sakshamsharma9763 2 года назад

Sir can you make a video on how to do web exploition from beginning to advance please sir ??

@FlyNewss 2 года назад

@whothefuhkizzy8797 2 года назад

Yo man I’m just starting out with hacking. I’ve got kali Linux booted up from my hard drive but I’m having a hard time finding out where to begin because this shit is a lot to learn. Can you or anyone else point me in the right direction of some good educational sources? Where did you learn everything you know

@hemanthk6960 Год назад

Thanks sir.. 🙏🙏

@ritiktiwari8535 6 месяцев назад

I did not get anything after 5:24 can anyone please explain it?

@user-qt3bd3mx4h 2 года назад

Hello 👋

@name_unavailable7 3 месяца назад

Where can I get the file for the website

@celinekohsingaporerealesta1466 2 года назад

👍👍

@usmansiddique3694 2 года назад

how can I will be a member of this youtube channel so I can watch videos

@benjieunabia4852 Год назад

❤️❤️❤️

@cryptotonic567 2 года назад

💪

@daivomjoshi56 2 года назад

WHICH ONE WOULD YOU PREFFER ? WHICH ONE IS THE BEST IN ALL TERMS ?? KALI LINUX or PARROT OS ?

@nono-fq1tl 2 года назад

Both are very solid distros. Started with kali but enjoying the parrot more recently.

@daivomjoshi56 2 года назад

@@nono-fq1tl Which one has more functionality and capabilities ?

@bayandamabuza6587 2 года назад

Enlighten me, but already have login credentials

@pksumon2603 2 года назад

Hello sir

@LogicalPersonAllTime 2 года назад

i also want to learn EH i cant pay please help

@ReligionAndMaterialismDebunked Год назад

:25 no fingertip covering of the gloves. 💀💀😅😅 Wipe that stuff later? XD

@hey88ho 2 года назад

Can someone please tell me how can we prevent this from happening?

@Doralex1708 2 года назад

The payloads that you used are directly from Burp or did you coded them yourself ?

@user-ke8of7xl9v 2 года назад

Sorry, I'm a little confused 👀💧 I can see the injection part but can't see how exactly how someone's credentials can be stolen. I'm guessing that someone's session ID is being stolen. I might be able to understand better if this was demonstrated with a second device. Good video though. I know making videos takes a lot of effort 👀👍

@imaboyinblack 2 года назад

the phpsessionid he got was the admin account's session id so he replaced his own one with the admin's one after he logged out and then that put him into the admin account, but i dont think it can just pull straight up CREDENTIALS like a password