Finding Your Next Bug: Blind Cross Site Scripting (XSS) & XSS Hunter
You asked for it and it's here! This is the first episode in the Finding Your Next Bug series and we're talking about blind XSS. With everyone looking for XSS bugs, WAF bypasses becoming even more complex, and developers wising up, blind XSS can be a neat way to find bugs that others don't. This type of stored XSS is awesome for hunting XSS in places you don't expect: logs, admin control panels, repair panels, etc.

In this video we go from zero knowledge of blind XSS to a demo showing how it works. We also go over how to use XSS Hunter and what it does. Finally we talk about some of the cool and some of the mundane blind XSS bugs that others have found.

Further Reading:
Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program by Sam Curry https://samcurry.net/cracking-my-wind...

Case Studies:
#461272 [www.zomato.com] Blind XSS in one of the admin dashboard https://hackerone.com/reports/461272
#159498 Blind Stored XSS Against Lahitapiola Employees - Session and Information leakage https://hackerone.com/reports/159498
#314126 Blind XSS - Report review - Admin panel https://hackerone.com/reports/314126
#197337 [IMP] Blind XSS in the admin panel for reviewing comments https://hackerone.com/reports/197337
#251224 Blind stored xss [parcel.grab.com] name parameter https://hackerone.com/reports/251224