
Website Hacking Demos using Cross-Site Scripting (XSS) - it's just too easy! 

David Bombal
Subscribers: 2.5M
Views: 317K

It's just too easy to attack websites using Cross-Site Scripting (XSS). In this video The XSS Rat (Wesley) explains cross-site scripting and demonstrates XSS attacks.
// MENU //
00:00 ▶️ We are taking over the world!
00:16 ▶️ Introducing//XSS Rat//Wesley
01:28 ▶️ What is XSS/ Cross Site Scripting?
02:59 ▶️ Types of XSS
05:15 ▶️ Reflected XSS
06:22 ▶️ Example of data sanitization
07:35 ▶️ Circumventing filtering with the img tag
11:01 ▶️ Sending a Reflected XSS Attack to Someone
12:01 ▶️ Using HTML comments as an attack vector
13:49 ▶️ Using single quotes to break out of the input tag
15:14 ▶️ Don't use alert() to test for XSS
17:33 ▶️ What you can do with Reflected XSS
19:26 ▶️ Stored XSS
20:31 ▶️ Using comments for XSS
21:05 ▶️ Example #1 of Stored XSS on Twitter
21:42 ▶️ Example #2 of Stored XSS
22:12 ▶️ The answer to the ultimate question of life, the universe, and everything.
22:56 ▶️ Stored vs Reflected XSS
24:22 ▶️ AngularJS/Client Side Template Injection
25:06 ▶️ Don't use JavaScript?
26:09 ▶️ Where to learn more//XSS Survival Guide
27:04 ▶️ DOM Based XSS
29:36 ▶️ List of DOM sinks
30:12 ▶️ jQuery DOM sinks
32:15 ▶️ XSS Rat Live Training
33:00 ▶️ Support XSS Rat//Wesley
34:06 ▶️ Closing//Thanks, Wesley!
// Demo Sites //
hackxpert.com/labs
hackxpert.com/ratsite
// David's SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
RU-vid: / davidbombal
// XSS Rat SOCIAL //
Twitter: / thexssrat
RU-vid: / thexssrat
Website: thexssrat.podia.com/
// XSS Rat's Udemy course //
XSS Survival Guide: www.udemy.com/course/xss-surv...
// XSS Rat's courses and bootcamps //
thexssrat.podia.com/
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
xss
cross site scripting
portswigger
ajax
jscript
javascript
xss attack
xss video tutorial
xss attack tutorial
xss explained
xss attack example
xss bug bounty
xss tutorial
xss vulnerability
xss vs csrf attack
xss example
xsser
xsssa facebook
xsssa
kali linux
penetration testing
ethical hacking
bug bounty
cross site scripting
cross-site scripting
red teaming
cyber security
kali linux install
kali linux 2022
ethical hacker course
ethical hacker
javascript
ajax
jquery
node js
node js hacking
portswigger
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#xss #javascript #hacking

Category: Science

Published: 29 Jun 2024

Comments: 226
@davidbombal · 2 years ago
// MENU // 00:00 ▶ We are taking over the world! 00:16 ▶ Introducing//XSS Rat//Wesley 01:28 ▶ What is XSS/ Cross Site Scripting? 02:59 ▶ Types of XSS 05:15 ▶ Reflected XSS 06:22 ▶ Example of data sanitization 07:35 ▶ Circumventing filtering with the img tag 11:01 ▶ Sending a Reflected XSS Attack to Someone 12:01 ▶ Using HTML comments as an attack vector 13:49 ▶ Using single quotes to break out of the input tag 15:14 ▶ Don't use alert() to test for XSS 17:33 ▶ What you can do with Reflected XSS 19:26 ▶ Stored XSS 20:31 ▶ Using comments for XSS 21:05 ▶ Example #1 of Stored XSS on Twitter 21:42 ▶ Example #2 of Stored XSS 22:12 -▶ The answer to the ultimate question of life, the universe, and everything. 22:56 ▶ Stored vs Reflected XSS 24:22 ▶ AngularJS/Client Side Template Injection 25:06 ▶ Don't use JavaScript? 26:09 ▶ Where to learn more//XSS Survival Guide 27:04 ▶ DOM Based XSS 29:36 ▶ List of DOM sinks 30:12 ▶ jQuery DOM sinks 32:15 ▶ XSS Rat Live Training 33:00 ▶ Support XSS Rat//Wesley 34:06 ▶ Closing//Thanks, Wesley! // Demo Sites // hackxpert.com/labs hackxpert.com/ratsite // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal RU-vid: ru-vid.com // XSS Rat SOCIAL // Twitter: twitter.com/theXSSrat RU-vid: ru-vid.com Website: thexssrat.podia.com/ // XSS Rat's Udemy course // XSS Survival Guide: www.udemy.com/course/xss-survival-guide/ // XSS Rat's courses and bootcamps // thexssrat.podia.com/ // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
@cryptocause9285 · 2 years ago
Thanks! Love your Instagram posts
@HybridMonster19 · 2 years ago
@CodeWithJoe please elaborate
@faran4536 · 2 years ago
Wow David you're collaborating with awesome people ♥️♥️.. here you dropped this king 👑
@davidbombal · 2 years ago
Thank you Faran!
@MisterK-YT · 2 years ago
That’s mine bruh.
@ffgangbd4984 · 2 years ago
@MisterK-YT 😂
@jpierce2l33t · 2 years ago
LOL David I just started following the XSS Rat not long ago! Either you're in my head, or I'm on the right track...'cause this just keeps happening! 🤣 Love that you're helping expose these gems of our community to the masses...great stuff man!
@bertrandfossung1216 · 2 years ago
David you're just the best. Keep pouring these contents. I'm really having fun.
@bloudengaming8736 · 2 years ago
Your videos are also so informative and entertaining! Thanks David!
@davidbombal · 2 years ago
Thank you! Glad you like them!
@juliusrowe9374 · 2 years ago
Once again great vlog David! Your channel is so awesome, you always have a great wealth of knowledge from all the guests that appear on the channel. I'm very appreciative of learning new things every time I tune in.
@ErikNainggolan · 1 day ago
Mamamia, how can a person talk with such a relaxed vibe yet be rich with dang seriously valuable insights!! One of the best gem findings I've ever encountered in YT! Thanks, David and XSSRat! I could feel the ridiculously strong vibe to the point I am liking XSS hahaha ... Just a bit sad that the labs are no longer shared...
@rajmaharjan9828 · 2 years ago
This channel is on fire! Loving these videos David!
@charlesmarseille123 · 1 year ago
He is ridiculously clear in his explanations. Beautiful.
@aramv898 · 2 years ago
As a developer this is pretty useful. Thanks for the great value David
@fredrickawinyo · 2 years ago
Damn!!! Loving these talks; learning so much and it's all thanks to you David, thanks 👍🏽
@youssefbouchara1179 · 2 years ago
Best content creator in the cybersecurity field by far, informative and entertaining!
@sexyeur · 2 years ago
WOW! Wesley is so awesome! Thank you so much, David Bombal!!! All love. Always.
@Uranium-bh7kt · 1 year ago
Bro, I learned so much from this guy. Videos like this are terrific, please do as many as you can. Wish you the best!
@TheRich464 · 2 years ago
Amazing video, questions and demo very well done. I always find it amazing how you can look at one thing differently and you're in. *looking at the wall with security guard checking IDs. Wall is only 3 feet wide. Just walk around.* I'm excited to see how I will look at my own code differently. Thanks again!
@davidbombal · 2 years ago
Thank you! Glad it was helpful!
@DF-ss5ep · 2 years ago
Tutorials on the net about this stuff are so confusing. Sometimes they appear to contradict one another. It's no wonder they have mistakes. Good video
@noi.d609 · 2 years ago
Third time watching through. I will be signing up for the boot camp thank you for this.
@ptyspawnbinbash · 2 years ago
As always, amazing content!
@edmorris4720 · 2 years ago
Great work David, nice questions!!
@wojciechneugebauer5926 · 2 years ago
Awesome content as always! Wesley seems pro and a really nice guy!
@TheXSSrat · 2 years ago
Thank you friend :D
@katok9938 · 2 years ago
@TheXSSrat you're cool man!
@premiumwaale9728 · 2 years ago
Thanks for providing me some supercool testing scenarios David.. Love u 3000 man ❤️..👍😀
@_taconator · 2 years ago
Great video! thanks for the awesome content David
@user-on6zh1zx5y · 3 months ago
Great video, your guest seems to be a nice instructor, easy to understand him as well.
@adityaroy7196 · 2 years ago
YOU CONTINUE TO BE THE BEST
@Cyber_AR15 · 2 years ago
Wow, there is so much to learn. That was a really good informative video.
@Bharath-wb8uy · 2 years ago
Thank you buddy for all the things you do for the community. If not for you, people like me coming from poor backgrounds would have faced a lot of difficulty breaking into cyber security.
@rizekishimaro · 2 years ago
A gold tutorial video for me. I had learned SQLi but was still confused about XSS; this video helped me a lot. Nice, David. From Burma.
@Angel_Santiago27 · 1 year ago
Very nice video, I really loved it! I think I just found my new path in the IT world.
@skeptisch2751 · 2 years ago
I saw Wesley for the first time in an interview with nahamsec. I immediately subscribed to his channel and watched his amazing videos 👍 JavaScript is, for me as a network guy, a little bit complicated, but I learned the basics of reflected attacks and found some vulnerabilities (I reported them). Thank you David and Wesley for this amazing video! ✌
@davidbombal · 2 years ago
Congratulations! That is fantastic :)
@alfatech8604 · 2 years ago
This xssrat guy is a demon at bypassing, wow, just wow lol. Pls, a video on JavaScript for hackers would be great.
@TheXSSrat · 2 years ago
Thank you dear friend :D
@jamesblock8384 · 2 years ago
Dang.... you know I've used templating frameworks for so long like handlebars, angular and most recently Vue. I never considered the possibility of script being injected through these templating engines but it makes perfect sense now that I've seen it.
@thevotrozz · 2 years ago
Thanks David, I finally understood Cross Site Scripting
@Alain9-1 · 2 years ago
That's the kind of videos we love, great 🎩
@vincentkadevra · 2 years ago
Thank you so much, I just upgraded the security of my project :3
@gueroloco8687 · 2 years ago
Interesting David, thanks so much to the guy doing the teaching!!!!
@MSPHOTOGRAPHY-ep8by · 2 years ago
Now I understand how it works thanks David ❤
@verenuspulo · 1 year ago
Thanks! Another wonderfully didactic video!
@z3jlewhhda376 · 2 years ago
You are creating amazing content!!
@Nunn_the_wiser · 2 years ago
What a really likable guy and great teaching methods. I've signed up on Udemy.
@ClassicRiki · 11 months ago
Yeah he does seem nice. You can tell he really loves it but is up for a laugh as well
@Arayankodesouth · 2 years ago
Hi David, it would be great if these types of videos included 'how to prevent being a victim of these types of attacks'.
@maumotec2345 · 2 years ago
Amazing content :) Thank you both for it
@parexcellence8222 · 2 years ago
Got scared, I actually bought Wesley's Udemy course right away. David, continue inviting good people to your channel. I have promised to watch your videos instead of the Ukraine war news. Gives me more knowledge.
@TheXSSrat · 2 years ago
Much love friend :D
@parexcellence8222 · 2 years ago
@TheXSSrat I actually went to your youtube channel and subscribed there too. XSS is popular and I never understood how they were done. The way you present your examples is so simple that it is very easy to understand. I see that you have the talent to teach. Thank you.
@alooy · 2 years ago
This was very informative! Such topics should be taught in college, not only how to write code.
@TheXSSrat · 2 years ago
The thing is, I think it really helps to know JS before beginning XSS :D
@lexkenn · 1 year ago
Awesome vid! 💯
@wardellcastles · 1 year ago
What a great video. I will sign up for the Udemy course. Thank you!
@Smiley-pc7ki · 2 years ago
You deserve this 🍪 (a cookie represents appreciation in the modder's world).
@gregoryjones4539 · 2 years ago
Keep the great content coming
@davidbombal · 2 years ago
Thank you! Trying to bring the best content I can to RU-vid :)
@gregoryjones4539 · 2 years ago
@davidbombal I like learning but am very ADHD, and most of the time I have no problem paying attention to your content. I love your mindset poster, that fish is going places lol
@TheXSSrat · 2 years ago
@gregoryjones4539 I also have ADHD :) Here's an idea friend, can you watch it in parts? I try to chop everything down into pieces and take those one at a time
@afzalmahmud1974 · 1 year ago
Glad I know some basics of XSS security to handle as a developer. How foolish I am? Thank you for your effort sir. Thanks a lot ❤️
@timvw01 · 2 years ago
Great video! Can you do a video on WebAssembly safety? It's an exciting new tech, and probably has some security pitfalls. For example, WebAssembly cannot run when you have CSP headers. Cheers
@trap7369 · 2 years ago
Amazing, he really dominates the XSS technique.
@Konvicted17 · 1 year ago
Great INFO, cheers!
@MichaelVanDelft · 2 years ago
Keep up the great videos.
@davidbombal · 2 years ago
Thank you Michael!
@LearnAlongFaizan · 2 years ago
Video is great, please make further videos on these topics.
@sw-code6027 · 2 years ago
alert() 🙃😂
@davidbombal · 2 years ago
Hopefully that doesn't work as RU-vid is better than Twitter!! 😂
@sw-code6027 · 2 years ago
@davidbombal One day we will find a vulnerability in RU-vid and tell them "Look, here's a bug" 😂 I hope we will do it one day 😂
@comeycallate9959 · 2 years ago
@davidbombal and also doesn't work to all because there are a lot of comments in this video
@orbitxyz7867 · 2 years ago
Your regular viewer orbit xyz 😉😉
@sergioeduard4422 · 2 years ago
Great video 🖤
@neverendingcoralmaze · 1 year ago
Amazing vid!
@headlights-go-up · 2 years ago
This is really interesting stuff
@Firoz900 · 2 years ago
Good program guru. Thank you.
@DRKSPAD3 · 2 years ago
Awesome video
@alisenjary · 2 years ago
All time the best 😊
@davidbombal · 2 years ago
XSS Rat is great!
@maanzero6245 · 2 years ago
Thank you so much for your big efforts ❤
@alanwilson7792 · 2 years ago
In addition to complex scripting, bad actors could also, for example, add unwanted images to your sites via the anchor tag - one method to screen out all offending tags in user content is to replace "
@agadaFrancisLouis · 2 years ago
If I were a President and I had a country, I'd have given you a state to govern. Just my way of saying thank you, Mr. David 🇳🇬❤❤❤
@SecurityTalent · 2 years ago
I bought your Wireshark course.... totally pro level course.... so so thank you bro....
@davidbombal · 2 years ago
Thank you for your support!
@GrimComix · 2 years ago
Love this guy!
@CharlesBLim · 2 years ago
This is the reason why, if you want to be a good hacker, you really need to know or understand web development.
@noname5046 · 2 years ago
Nice guest 👍
@albax8847 · 2 years ago
You are the best!!
@davidbombal · 2 years ago
You are very kind 😀 There are many amazing people out there 😀
@ImagineIfNot · 2 years ago
thankuuuuuu thanku thankuuuuuuuuuuuuuuuuuuuuuuu luv you
@justinboss4131 · 2 years ago
Great video…. Thanks
@thecrownofnoah9100 · 2 years ago
Sooooooo informational, me like 👍
@oscarromero1007 · 2 years ago
Thanks for this video!!
@JontheRippa · 2 years ago
Wow thank you, good labs 👍
@babashehumodu1463 · 1 year ago
Thank you very much sir David
@mashhood7534 · 2 years ago
Thanks ❤️ means a lot
@davidbombal · 2 years ago
You're most welcome 😊
@castcrus · 5 months ago
Yup, his website is a gold mine, awesome guy!
@brainiac61 · 2 years ago
Thanks Again!
@davidbombal · 2 years ago
You're welcome!
@landrover827 · 2 years ago
Wow! I had no idea… scary.
@captainkatz1775 · 2 years ago
Didn't know rats were that smart, time to build an army.
@davidbombal · 2 years ago
XSS Rat is already doing this 😂
@gregoryjones4539 · 2 years ago
They did that in wanted yo
@youtubvancy8929 · 2 years ago
Hi David, please bring Dr. Chuck once again, thank you.
@davidbombal · 2 years ago
Hopefully soon. What topics do you want him to talk about?
@youtubvancy8929 · 2 years ago
@davidbombal It's hard to choose topics; maybe more on other languages (Go, etc.), mobile app development (Swift, Kotlin), Windows native apps (C#, PyQt), programming + Linux + networking skills, anything which involves programming. Thanks.
@parshantkumar2455 · 2 years ago
Hello David sir, I love your videos very much, but sir, can you start a podcast on Spotify and put the conversations with people on Spotify?
@kennyt7037 · 2 years ago
Wow this is cool.
@davidbombal · 2 years ago
Very happy to hear that you enjoyed the video Kenny!
@DCR600 · 2 years ago
Like a Netflix series, I am just waiting for your video 😍😋
@davidbombal · 2 years ago
Thank you! I really appreciate that!
@AnnyMus-rc2zh · 1 year ago
Take a drink every time he says cross site scripting ahah
@ahmedabdelazim862 · 2 years ago
Thanks David
@edmorris4720 · 2 years ago
With reflected XSS, can an attacker make a vulnerable website on purpose, host it themselves, and then make a URL that downloads something?
@marekqx · 2 years ago
If someone counts how many times the guy said "Cross-Site Scripting", I will buy him a hamburger.
@ImAnonymous433 · 2 years ago
That's the reason F5 made the web application firewall... that helps to protect from XSS and many more attacks.
@aligoodluck7064 · 2 years ago
Uncle rat I love you
@nuke7462 · 2 years ago
2:30 can be easily fixed by wrapping all open entry areas covered in [url]
@ahmedyt5998 · 2 years ago
Hey David, can you make a video on reverse engineering with apktool? And I thank you for all your courses.
@drillmontage2361 · 2 years ago
@leschi4banane414 · 2 years ago
Hey, guys, I know I am kind of late, but I have a question. How can I load and run an external JavaScript onerror? (I thought I could maybe inject beef this way!)
@ParameshChockalingam · 2 years ago
So Content Security Policy and access control headers should be good enough protection, right?
@saucegotti8538 · 1 year ago
He's the epitome of a nerd, almost a real life Lester. Impressive.
@Child0ne · 2 years ago
Thank you David
@davidbombal · 2 years ago
You're welcome!
@gabriela_scotland78 · 1 year ago
Super I had same pets like you and I like h...as well🔥🔥🔥🔥👌👌👌
@farhonahmed5081 · 1 year ago
Farhan Ahmed was here 11/7/22
@JeanDidier · 2 years ago
The real Birkoff here?