About 20 results out of 1839 (0.23 seconds)
Basic XSS Guide #1 -  Alert() - Redirection - Cookie Stealing

Channel Title : JackkTutorials

Views : 66741

Likes : 727

DisLikes : 41

Published Date : 2016-04-05T23:00:00.000Z

Visit https://bugcrowd.com/jackktutorials to get started in your security research career! G2A Re-link: https://www.g2a.com/?reflink=jackk1337 In this tutorial jackktutorials shows you how to get started with XSS Cross Site Scripting in BWAPP including Alert(), Webpage redirection and Cookie Stealing. LINKS AND RESOURCES ************************* Cookie Stealing Tutorial - https://youtu.be/Nv6CPs_j7hc XSS Definition - https://en.wikipedia.org/wiki/Cross-site_scripting Cookie Stealer Source - https://www.jackktutorials.com/?page_id=21 WAMP Server - http://www.wampserver.com/en/ GET MORE JACKKTUTORIALS! ******************************** Website: http://www.jackktutorials.com Forums: http://www.jackktutorials.com/forums Facebook: http://www.facebook.com/jackktutorials Twitter: http://www.twitter.com/jackk1337 Email: [email protected] Business Contact: [email protected] G2A Re-link: https://www.g2a.com/?reflink=jackk1337
Cracking Websites with Cross Site Scripting - Computerphile

Channel Title : Computerphile

Views : 993131

Likes : 20738

DisLikes : 402

Published Date : 2013-10-23T13:56:48.000Z

Audible free book: http://www.audible.com/computerphile JavaScript is dangerous! Why? How are websites vulnerable to it? Find out about bug-bounties from Tom Scott. More from Tom Scott: http://www.youtube.com/user/enyay and https://twitter.com/tomscott http://www.facebook.com/computerphile https://twitter.com/computer_phile This video was filmed and edited by Sean Riley. Computerphile is a sister project to Brady Haran's Numberphile. See the full list of Brady's video projects at: http://bit.ly/bradychannels

Channel Title : ali hayali

Views : 21

Likes : 0

DisLikes : 0

Published Date : 2017-11-06T13:21:21.000Z

Steal sensitive information & credentials with XSS

Channel Title : Shawar Khan

Views : 3500

Likes : 44

DisLikes : 5

Published Date : 2016-05-05T18:21:21.000Z

Disclaimer: This video is only for educational purposes. I am not responsible for any damage done using this technique. A technique used for stealing sensitive information and credentials of a user using XSS vulnerability. View full article on http://shawarkhan.com
Cross Site Scripting (XSS)-3 (XSS stored IFRAME and COOKIE Exploit)

Channel Title : Hacking Monks

Views : 4621

Likes : 36

DisLikes : 4

Published Date : 2017-01-11T16:22:36.000Z

Hello guys. We are the hacking monks. Here is our blog – http://www.hackingmonks.net/p/home.html Here is our Facebook Page - https://www.facebook.com/Hacking-Monks-1589849474562976/?ref=settings

Channel Title : Rekcah Nexus

Views : 158

Likes : 1

DisLikes : 0

Published Date : 2013-03-26T04:20:33.000Z

Hiding JavaScript in Picture Files for XSS

Channel Title : Don Does 30 Official

Views : 13382

Likes : 315

DisLikes : 17

Published Date : 2017-10-12T20:11:04.000Z

How to hide JavaScript in GIF, BMP, WEBP, PNM, or PGF files for the purposes of cross-site scripting. The site is required to receive the file without stripping metadata, and needs to be vulnerable to XSS to run the script (future tutorial). Git: https://github.com/jklmnn/imagejs

Channel Title : Alexander Yang

Views : 206

Likes : 0

DisLikes : 0

Published Date : 2011-12-14T21:01:51.000Z

http://shafigullin.pro/share.html?' http://shafigullin.pro/share.html?" http://shafigullin.pro/share.html?#'
Cross Site in Bitcoinget | Faizan Online |

Channel Title : Faizan Online

Views : 103

Likes : 5

DisLikes : 0

Published Date : 2019-07-04T19:04:33.000Z

xss in bitcoinget.com payload test img src x onerror alert document domain facebook.com/iamfaizanakhtar

Channel Title : kof2002

Views : 217

Likes : 1

DisLikes : 0

Published Date : 2014-03-27T23:56:01.000Z

t" onmouseover=prompt(document.domain);a=t

Channel Title : code exploit

Views : 12

Likes : 0

DisLikes : 0

Published Date : 2015-05-17T07:26:39.000Z

I created this video with the YouTube Video Editor (http://www.youtube.com/editor)
Open redirection vulnerability in ford website

Channel Title : MaXecurity Group

Views : 26

Likes : 2

DisLikes : 0

Published Date : 2019-07-09T11:41:40.000Z

Open redirection vulnerability in main ford website bug hunting hackerone bug bounty program What is an Open Redirection Vulnerability and How to Prevent it? An Open Redirection is when a web application or server uses a user submitted link to redirect the user to a given website or page. Even though it seems like a harmless action, to let a user decide on which page he wants to be redirected to, if exploited such technique can have a serious impact especially when combined with other vulnerabilities and tricks. How can An Open Redirect Web Vulnerability be exploited? Abusing the Trust Users Have in the Vulnerable Website Since the domain name in a URL is typically the only indicator for a user to recognize a legitimate website from a non-legitimate one, an attacker can abuse this trust to exploit an open redirect vulnerability on the vulnerable website, and redirect the user to a malicious page to execute further attacks, as explained in the following sections. Exploiting an Open Redirect Vulnerability for a Phishing Attack When the user clicks on a link of a legitimate website he often won’t be suspicious if suddenly a login prompt shows up. To launch a successful phishing attack the attacker sends the victim a link, for example via email, which exploits the vulnerability on the vulnerable website example.com: https://example.com/redirect.php?go=http://attacker.com/phish/ By exploiting the open redirect vulnerability on the legitimate website, the attacker is redirecting the victim to, http://attacker.com/phish which is a phishing page that is similar to the legit website. Once the visitor is on the attacker's malicious website, he enters his credentials on the login form which points to a script that is controlled by the attacker. The script is typically used to save the username and the password that is being typed in by the victim, which attackers typically use at a later stage to impersonate the victim on the legitimate website. The probability of a successful phishing attack are quite high since the domain example.com is shown when the user clicks on the link. Exploiting an open redirection vulnerability to launch a phishing attack. Exploiting an Open Redirect Vulnerability to Redirect Victims to Malicious Websites It is also possible to redirect an otherwise careful internet user to a site hosting attacker controlled content, like a browser exploit or a page executing a CSRF attack. As above, the chances that the victim clicks the link are higher if the site the link points to is trusted by the victim. An example is an open redirect in a trustworthy page like a banking site, that directs the victim to a page with a CSRF exploit against a vulnerable wordpress plugin. Exploiting An Open Redirection Vulnerability to Execute Code Redirecting to javascript: URIs An open redirection vulnerability in a web application can also be used to execute a XSS payload by redirecting to javascript: URIs. Those can be used to directly execute javascript code in the context of the vulnerable website. An example would be this: https://example.com/index.php?go=javascript:alert(document.domain) The above would show an alert window with the content from example.com. However in most modern browsers this only works when the redirection is javascript based. That means that a location header with javascript: will not execute the code and might show an error message instead. Another URI scheme that’s useful for an attacker is data:. While this does not work in webkit based Browsers like Google Chrome or Opera anymore, in Mozilla FireFox the attacker can still redirect to it. What this does is writes data directly to the browser window, which could ease the process of creating phishing pages, even without using a web server to host them. What is the Impact of an Open Redirection Vulnerability? As mentioned above the impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. How Can You Prevent Open Redirection Vulnerabilities? The easiest and most effective way to prevent vulnerable open redirects would be to not let the user control where your page redirects him to. If you have to redirect the user based on URLs, you should always use an ID which is internally resolved to the respective URL. If you want the user to be able to issue redirects you should use a redirection page that requires the user to click on the link instead of just redirecting them. You should also check that the url begins with http:// or https:// and also invalidate all other URLs to prevent the use of malicious URIs such as javascript: Vulnerability Classification and Severity Table
Best two scripts for eBonus.gg (updated 2018)

Channel Title : Samke GpG

Views : 766

Likes : 9

DisLikes : 1

Published Date : 2018-11-14T08:21:49.000Z

// ==UserScript== // @name eBonus.gg [Captcha Skip] Pro // @namespace http://www.mediafire.com/file/u55hupzyiy14ye8/Captcha%20Ebonus.user.js // @version 1.0.0 // @description This automatically clicks on any recaptcha on the webpage and submits it directly after you solved it // @author Minh Hieu Nguyen // @match http://eBonus.gg/lol // @include * // @grant none // ==/UserScript== var domain = (window.location != window.parent.location) ? document.referrer.toString() : document.location.toString(); if (domain.indexOf('miped.ru') == -1 && domain.indexOf('indiegala') == -1 && domain.indexOf('gleam.io') == -1) { //You can exclude domains here (advanced) if (location.href.indexOf('google.com/recaptcha') _ -1) { var clickCheck = setInterval(function() { if (document.querySelectorAll('.recaptcha-checkbox-checkmark').length _ 0) { clearInterval(clickCheck); document.querySelector('.recaptcha-checkbox-checkmark').click(); } }, 100); } else { var forms = document.forms; for (var i = 0; i _ forms.length; i++) { // ==UserScript== // @name eBonus.gg Pro // @namespace Daniel Fontenelle // @version 1.3 // @description Auto clique no próximo vídeo, clique automático na bolha e recarrega a página automaticamente com vídeos quebrados. // @author Daniel Fontenelle (FACEBOOK: https://www.facebook.com/danielll.fontenelle ) // @match https://ebonus.gg/earn-coins/watch/lol // @grant none // ==/UserScript== setInterval(function() { window.location.reload(); }, 170000); $(document).ready(function(){ var coinsclicker = setInterval(function() { ClickNext(); ClickOnBubble(); }, 1000); window.ClickNext = function(){ if ($(".coins_popup").length _ 0) { console.log("clicked"); $(".coins_popup").click(); } }; window.ClickOnBubble = function(){ if ($(".sweet-alert.showSweetAlert.visible").length _ 0) { console.log("clicked"); $(".confirm").click(); } }; });
XSS Cross Site Scripting Demonstration

Channel Title : Imperva

Views : 187643

Likes : 440

DisLikes : 34

Published Date : 2009-07-02T03:17:49.000Z

Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes un-sanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum. That purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example it could copy user cookies and then send those cookies to the attacker. The Script Injection video should be watched before this video for greater understanding.
Copy of xss'-confirm(document.domain)-'

Channel Title : Deepak tqwe

Views : 13

Likes : 0

DisLikes : 1

Published Date : 2017-03-01T17:54:54.000Z

video127 script alert('test1');/script http://example.com/  #cool

Channel Title : socialisten Area 51

Views : 145

Likes : 3

DisLikes : 2

Published Date : 2015-05-04T09:33:52.000Z

© scriptalert('cookie!');/script or are you strongbold/strong or let's see "what & we can ﶾ or cannot @bananorama do +test   - 00a0 link. äöü bo/b #tag next "l' H&M scriptalert('c');/script ' ' http://socialisten.at/ MENTION tab ends 00a0
XSS on Google Search - Sanitizing HTML in The Client?

Channel Title : LiveOverflow

Views : 322731

Likes : 9589

DisLikes : 138

Published Date : 2019-03-31T11:57:21.000Z

An actual XSS on google.com by Masato Kinugawa. It abuses a parsing differential between a JavaScript enabled and disabled context. The fix: https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
XSS (cross site scripting ) filter evasion series stage 8

Channel Title : Vishwaraj Bhattrai

Views : 1067

Likes : 3

DisLikes : 0

Published Date : 2015-02-02T06:19:14.000Z

payload used : javascript:alert(document.domain); challenge link : http:--xss-quiz.int21h.jp-stage008.php
"><img src=x onerror=alert(document.domain)>

Channel Title : charlie'z yoski\

Views : 1080

Likes : 0

DisLikes : 0

Published Date : 2015-02-08T23:14:12.000Z

"><img src=x onerror=alert(document.domain)>
Ellusionist HTML Injection + Persistent XSS

Channel Title : Spade

Views : 51

Likes : 1

DisLikes : 0

Published Date : 2017-03-04T06:15:30.000Z

5-9 xss challanges

Channel Title : Vishnu Bhardwaj

Views : 20

Likes : 0

DisLikes : 0

Published Date : 2019-05-01T01:41:19.000Z

How to Attack on cross site scripting vulnerable websites (XSS)

Channel Title : A Team

Views : 870

Likes : 5

DisLikes : 5

Published Date : 2018-08-20T18:39:08.000Z

How to Attack on cross site scripting vulnerable site (XSS) Hey guys! Rogue Flame from A Team here back again with another video, in this video, we will be looking at how to attack Vulnerable cross-site script XSS website using google dork. cross site scripting vulnerable website find cross site scripting vulnerable website (XSS) How to Attack on cross site scripting vulnerable website (XSS) XSS vulnerable attack XSS vulnerable sites 2018.XSS vulnerable website I Hope you enjoy/enjoyed the video. If you have any questions or suggestions feel free to ask them in the comments section Thanks for watching! social media Facebook https://www.facebook.com/ateamadmin Благодаря за гледането 感谢您观看 Merci d'avoir regardé Grazie per la visione Gracias por ver شكرا للمشاهدة देखने के लिए धन्यवाद
Cross-Site Scripting Explained - Part 7: HTML Events

Channel Title : webpwnized

Views : 5039

Likes : 17

DisLikes : 0

Published Date : 2012-01-29T16:45:52.000Z

Author: Jeremy Druin Twitter: @webpwnized Description: This video demonstrates injecting cross site scripts into HTML events. The example requires a prefix to close off an existing JavaScript statement in the onclick event targetted. Any script injected into the HTML event will be executed when the user clicks the BACK button on the page. Mutillidae is a free web application which is vulnerable on purpose to give a training envoronment for pen testers, security enthusiasts, universities, and as a target for evaluating vulnerability assessment tools. Updates about Mutillidae are announced on Twitter at @webpwnized. Mutillidae can be downloaded from irongeek.com Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized! The webpwnized YouTube channel is dedicated to information security, security testing and ethical hacking. There is an emphasis on web application security but many other topics are covers. Some of these include forensics, network security, security testing tools and security testing processes. The channel provides videos to encourage software developers and system administrators to perform security testing. Also, the channel educates the next generation of security testers and bug bounty hunters who want to respectfully, legally and ethically help system owners that allow security testing.
Cross-Site Scripting(XSS) using image file upload

Channel Title : Shawar Khan

Views : 15034

Likes : 69

DisLikes : 36

Published Date : 2015-07-21T04:39:38.000Z

In this video i will tell you about executing cross-site scripting(XSS) attack using a file upload.This method can be used with other file types like bmp png and other types. Site: Shawarkhan.com Facebook: www.facebook.com/shawarkhanskofficial
XSS in sandbox domains GOOGLE

Channel Title : MMMAAA OOOUUU

Views : 232

Likes : 1

DisLikes : 0

Published Date : 2015-07-16T06:27:23.000Z

Google uses a range of sandbox domains to safely host various types of user-generated content. Many of these sandboxes are specifically meant to isolate user-uploaded HTML, JavaScript, or Flash applets and make sure that they can't access any user data. For this reason, we recommend using alert(document.domain) instead of alert(1) as your default XSS payload. In particular, if you see script execution in any subdomains of the domains in this list: ad.doubleclick.net googleusercontent.com googlecode.com codespot.com feeds.feedburner.com googleadservices.com googledrive.com googlegroups.com {your-blog-name}.blogspot.com {your-app-name}.appspot.com
Exploiting a Cross-site Scripting (XSS) vulnerability on Facebook

Channel Title : acunetix

Views : 41719

Likes : 76

DisLikes : 20

Published Date : 2010-07-27T09:53:44.000Z

The following video shows how an attacker may exploit a cross-site scripting vulnerability on Facebook.com regardless of the HTTPOnly cookie protection used. Of course, this goes way beyond showing an "alert()" popup in Javascript, since the attacker is also able to hijack the victim's Facebook account. We also published an article to explain in more technical detail the works behind abusing such a flaw. http://www.acunetix.com/websitesecurity/xss-facebook.htm Facebook rates as the second most popular website on the internet with 400 million active users. When such a website has common web application security flaws, they are going to be abused for one's gain. When we came across an obvious cross-site scripting vulnerability, we decided to show that an attacker could do that. We worked with Facebook to make sure that this vulnerability is fixed. We would like to thank their security team for quickly fixing it. For more information visit http://www.acunetix.com
Hacking 101 - Cross site scripting - web security tutorial

Channel Title : GhostBit

Views : 216

Likes : 6

DisLikes : 0

Published Date : 2019-03-16T09:24:30.000Z

Hello World! Welcome to my channel. In this video, I am Going to show you what is Cross site scripting? And how to use it. What is Cross site scripting? Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. There are 3 types of XSS, I'm going to talk about the 2 most used: ►Reflected XSS Attack: When an attacker inject his malicious script into a search query, a search box, or the end of an URL, it's called Reflected XSS Attack. It's like throwing a ball against a wall and receive him back. ►Stored XSS Attack: Is when an injected XSS script is stored permanently on a website, for example in a guestbook or bulletin board. Stored XSS hit's everyone who just reaches the site with the malicious code. How to Protect Yourself: The primary defenses against XSS are described in the OWASP XSS Prevention Cheat Sheet. Also, it's crucial that you turn off HTTP TRACE support on all web servers. An attacker can steal cookie data via Javascript even when document.cookie is disabled or not supported by the client. This attack is mounted when a user posts a malicious script to a forum so when another user clicks the link, an asynchronous HTTP Trace call is triggered which collects the user's cookie information from the server, and then sends it over to another malicious server that collects the cookie information so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all web servers. Thanks for watching my video hit like Button, Subscribe to this channel and press bell icon for more videos. ►"Install bwapp in xampp": https://youtu.be/N95oGV4QNro subscribe": https://goo.gl/9kbN6d ►"Free Ethical Hacking Course": https://goo.gl/oVMSpf ►"Hacking 101- Find Sub-Domain- web security tutorial":https://youtu.be/vLFoFi7RJ3c ►"Domain Information Gathering": https://youtu.be/SL3nufBODUY ►"Convert Any File Or Folder Into ISO File.":https://youtu.be/8F-YLnrwjxA ►"how to hack windows 10." https://www.youtube.com/watch?v=T8mtHFA2wPI ►"How to use phishing attacks for Facebook." https://www.youtube.com/watch?v=TaWKeS7yzBg ►"how to change IP address and location." https://www.youtube.com/watch?v=-yzgPrs1oms ~-~~-~~~-~~-~- ~-~~-~~~-~~-~- Tobu - Colors [NCS Release] https://youtu.be/MEJCwccKWG0 http://www.youtube.com/tobuofficial Music promoted by Audio Library https://youtu.be/PQC7VaL7xlc -~-~~-~~~-~~-~-
How to Redirect Stored XSS

Channel Title : Dragunman White Hat

Views : 560

Likes : 1

DisLikes : 0

Published Date : 2015-11-14T15:31:22.000Z

How Redirect Stored XSS What is Stored XSS Stored Xss attacks involve an attacker injecting a script referred to as the payload that is Permanently Stored Persisted on the target application for instance within a database.The classic Example of stored Xss is a malicious script inserted by an attacker in a comment field on a blog or in a forum post. Detail Of Stored Xss Cross Site Scripting Xss attacks are an instantiate of injection problems in which malicious scripts are injected into the otherwise benign and trusted web sites.Cross Site Scripting XSS vulnerabilities occur when 1 Data enters a Web application through an UN trusted source most frequently a web request. 2 The data is included in dynamic content that is sent to a web user without being validated for malicious code.The malicious content sent to the web browser often takes the form of a segment of JavaScript but may also include HTML, Flash or any other type of code that the browser may execute. The variety of attacks based on Xss is almost limitless but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the users machine under the guise of the vulnerable site. Confidentiality: The most common attack performed with cross-site scripting involves the disclosure of information stored in user cookies. Access control: In some circumstances it may be possible to run arbitrary code on a victim's computer when cross site scripting is combined with other flaws Exposure Period Implementation: If bulletin-board style functionality is present, cross-site scripting may only be deterred at implementation time. More Information For open This Link http://www.dragunman.com/how-redirect-stored-cross-site-scripting-xss Just For Education Prupose.

Channel Title : HACK THE PLANET

Views : 76

Likes : 0

DisLikes : 0

Published Date : 2017-04-21T14:27:51.000Z

Java Script For Döngüsü - Java Script Dersleri

Channel Title : JavascriptDersleri

Views : 158

Likes : 0

DisLikes : 0

Published Date : 2013-12-22T19:57:10.000Z

Java Script alert kullanımı, confim kullanımı, değişkenler, document write kullanımı, ekrana yazı yazdırma,foksiyon çağırma,fonksiyon oluşturma,for döngüsü,if yapısı,prompt kullanımı,set time out ve set interval, string to upper case, java script dersleri.
How to Send Automated Email using google apps script

Channel Title : Amarindaz

Views : 7185

Likes : 55

DisLikes : 2

Published Date : 2018-02-18T20:01:53.000Z

Support Amarindaz on Patreon: https://goo.gl/it9Gpk --~-- Title: How to send Automated email to different people using google apps script Description: In this video, you're going to learn on how to send email from google spreadsheet automatically with the help of google apps script. We are going to use a class called MailApp and it has a method called sendEmail. We are going to use sendEmail method that accepts three parameters 1)To address 2)subject 3)Email Body With MailApp class, we can also send an email with attachment as well. Here, we have a set of recipients address and dummy subject and email body.We are writing simple google apps script to send email based on cell value. When you run that function, it'll automatically send email from google spreadsheet to multiple recipients. ********** Tutorial Playlists ********** Google apps script tutorial for beginners- https://goo.gl/wqHwqx Automate internet explorer with VBA- https://goo.gl/Xmy8Af Autoit tutorials for beginners- https://goo.gl/JHB1E2 Selenium Webdriver tutorials for beginners -https://goo.gl/QqxTrF ****** Contact me ******** Blog: www.amarindaz.com FB page: http://www.facebook.com/amarindaz ******* Books written by me ******** Autoit tutorials for beginners: http://amzn.to/2GjaDbD Excel VBA for beginners: http://amzn.to/2nhI067 ******* Productivity tool ********* My Favorite YouTube Tools ➜ https://goo.gl/MX9Z4p and ➜https://goo.gl/UW1uRX ******* Gear Used To Shoot This Video ****** _Audio & Microphone http://amzn.to/2GibdGu ********Learning partner******** Video courses ➜https://click.linksynergy.com/fs-bin/click?id=832arX/53N8&offerid=323058.81&type=3&subid=0
Step by Step HTTP Cookie Tutorial

Channel Title : Hussein Nasser

Views : 784

Likes : 43

DisLikes : 0

Published Date : 2019-05-02T02:57:11.000Z

💻 More Software engineering videos https://www.youtube.com/playlist?list=PLQnljOFTspQXOkIpdwjsMlVqkIffdqZ2K HTTP Cookies are small pieces of data that are used as storage medium in the browser and are also sent to the server with each request. Cookies are mainly used for session management, user personalization, and tracking. In this video we will try to demystify cookies and learn everything there is to them by example and with demos as well! Creating Cookies 1. Document.cookie (client side) 2. set-cookie header (server side) Cookies Properties Sent with each request Cookies are automatically sent to the server with each request. so becareful not to stuff your app with cookies because it might slow down as network bandwidth become saturated with bloated requests.. Per Domain They are stored per domain think of them as cookie buckets, for instance you visit google.com you will get a specific cookie for google.com, any cookies created while in google.com will go to the google.com bucket and so on. there are exceptions but this the general rule. by default if you create cookie, it will only be accessable within the domain, it will only be sent to the same domain. You can create a cookie with the domain property which will also include subdomains. example, domain=husseinnasser.com , includes blog.husseinnasser.com, about.husseinnasser.com etc.. Example.com www.example.com Path specific cookies cookies for a given path only. /r1 /r2 routes make only cookie for r1 and cookie for r2 client will only send cookies for that path. if you know you are going to use the cookies in certain paths why waste precious bandwidth sending it with every path? Cookies Types 1. Session cookie - no expires or max-age, once browser close they are “deleted” browsers are being smart and keep them though 2. permanent cookie - set max-age 3. httponly cookie cannot be accessed with document.cookie 4. secure cookie only acceptable with https 5. Third party cookie - page references another page, gets its own cookies.. 6. Zombie Cookies - recreted even after users delete them, e-tags from the server Cookie Security 1. Stealing cookies, inject XSS script, 2. cross site request forgery, more dangerous and easier, I don’t want your cookie I just want to make a request on your behave using your cookie and make myself an advtange as a result.. since you are signed in to your bank I will inject a script that makes a request ot YOUR bank to transfer myself money.. samesite Stay Awesome! Hussein
Set and get multiple cookies in JavaScript

Channel Title : kudvenkat

Views : 28770

Likes : 111

DisLikes : 3

Published Date : 2015-02-20T21:42:29.000Z

Link for all dot net and sql server video tutorial playlists http://www.youtube.com/user/kudvenkat/playlists Link for slides, code samples and text version of the video http://csharp-video-tutorials.blogspot.com/2015/02/set-and-get-multiple-cookies-in.html In this video, we will discuss how to set and get multiple cookies in JavaScript. This is continuation to Part 69. Please watch Part 69 before proceeding. When we click "Set Cookie" button we want to store the following 3 key-value pairs in 3 cookies. name=Venkat; [email protected]; gender=Male; When we click "Get Cookie" button we want to retrieve all the 3 key-value pairs from the 3 cookies Modify the code in setCookie() function as shown below. function setCookie() { document.cookie = "name=" + document.getElementById("txtName").value; document.cookie = "email=" + document.getElementById("txtEmail").value; document.cookie = "gender=" + document.getElementById("txtGender").value; } The above code creates 3 cookies and stores the 3 key-value pairs. At this point document.cookie property contains the following string "name=Venkat; [email protected]; gender=Male" Now, modify the code in getCookie() function as shown below. function getCookie() { if (document.cookie.length != 0) { var cookiesArray = document.cookie.split("; "); for (var i = 0; i [ cookiesArray.length; i++) { var nameValueArray = cookiesArray[i].split("="); if (nameValueArray[0] == "name") { document.getElementById("txtName").value = nameValueArray[1]; } else if (nameValueArray[0] == "email") { document.getElementById("txtEmail").value = nameValueArray[1]; } else if (nameValueArray[0] == "gender") { document.getElementById("txtGender").value = nameValueArray[1]; } } } else { alert("No cookies found"); } }
XSS (cross site scripting ) filter evasion series stage 6

Channel Title : Vishwaraj Bhattrai

Views : 1180

Likes : 6

DisLikes : 0

Published Date : 2015-02-01T10:52:56.000Z

xss vector used is onmouseover="prompt(document.domain);"" Link for the challenge 6 http:-- xss-quiz.int21h.jp-stage-no6.php

Channel Title : Host Promo

Views : 1062

Likes : 12

DisLikes : 2

Published Date : 2019-04-11T09:14:29.000Z

LEARN HOW TO RUN JAVASCRIPT IN ATOM THE RIGHT WAY! SUPER EASY AND WILL CHANGE YOUR LIFE! 🤑 https://host.promo ⌨ MAC SHORTCUT: command + i ⌨ WINDOWS SHORTCUT: shift + ctrl + b 👉🏼 FIND THE BEST WEB HOST AND PROMOS (FREE TRIALS, FREE DOMAINS, FREE SSL ETC) 🤑 https://host.promo/ 👉🏼 GET A FREE DOMAIN, FREE SSL, AND 70% OFF 🤑 https://host.promo/hosts/promo/bluehost 👉🏼 GET $0.80 BUDGET HOSTING (CHEAPEST) 🤑 https://host.promo/hosts/promo/hostinger 👉🏼 GET A FREE SSL AND 70% OFF BEST HOST (RECOMMENDED BY WORDPRESS) 🤑 https://host.promo/hosts/promo/siteground Atom Script Package: https://atom.io/packages/script Install On Command Line: apm install script What is Host.Promo? HostPromo provides the best promotions, insights, and analytics on hosting companies and platforms. The platform is free to use and designed to save you a ton of money! Save your heard earned money and spend it on something other then web hosting! Promotions, analytics, and data are updated daily on HostPromo! 👉🏼 Website Home: https://host.promo/ 👉🏼 Best Host Deal: https://host.promo/hosts/best-deal 👉🏼 Host Promo Vlog: https://host.promo/vlog 🤑 Follow HostPromo on social media! 🤑 💎 Twitter: https://twitter.com/HostDotPromo 💎 Medium: https://medium.com/@hostpromo 💎 Reddit: https://www.reddit.com/user/HostDotPromo 💎 Pinterest: https://www.pinterest.com/hostpromo/ 💎 GitLab: https://gitlab.com/HostPromo #javascript #atom #coding
Calling live json web service using jquery ajax

Channel Title : kudvenkat

Views : 65436

Likes : 340

DisLikes : 9

Published Date : 2015-06-17T20:20:07.000Z

Link for all dot net and sql server video tutorial playlists https://www.youtube.com/user/kudvenkat/playlists?sort=dd&view=1 Link for slides, code samples and text version of the video http://csharp-video-tutorials.blogspot.com/2015/06/calling-live-json-web-service-using.html In this video we will discuss how to call a live weather web service that returns JSON data using jquery ajax. For the purpose of this demo, we will be using the live weather web service that returns JSON data. The web service can be found at the following URL. http://openweathermap.org/current We want to retrieve weather data from the web service and display it on a web page. Here is the HTML and jQuery code used in the demo <html> <head> <script src="jquery-1.11.2.js"></script> <script type="text/javascript"> $(document).ready(function () { $('#btnGetWeather').click(function () { var resultElement = $('#resultDiv'); resultElement.html(''); var requestData = $('#txtCity').val() + ',' + $('#txtCountry').val(); $.ajax({ url: 'http://api.openweathermap.org/data/2.5/weather', method: 'get', data: { q: requestData }, dataType: 'json', success: function (response) { if (response.message != null) { resultElement.html(response.message); } else { resultElement.html('Weather: ' + response.weather[0].main + '<br/>' + 'Description: ' + response.weather[0].description); } }, error: function (err) { alert(err); } }); }); }); </script> </head> <body style="font-family:Arial"> <table> <tr> <td>City</td> <td><input type="text" id="txtCity" /></td> </tr> <tr> <td>Country</td> <td><input type="text" id="txtCountry" /></td> </tr> </table> <input type="button" id="btnGetWeather" value="Get Weather Data"> <br /><br /> <div id="resultDiv"> </div> </body> </html>
XSS tutorials with html tags

Channel Title : Spanksta worm

Views : 230

Likes : 1

DisLikes : 0

Published Date : 2014-02-02T12:15:23.000Z


Channel Title : test test

Views : 156

Likes : 0

DisLikes : 1

Published Date : 2014-12-28T19:55:03.000Z

I created this video with the YouTube Video Editor (http://www.youtube.com/editor)

Channel Title : Alyssa Herrera

Views : 153

Likes : 15

DisLikes : 0

Published Date : 2016-07-01T19:13:09.000Z

No commentary Over watch Competitive. Pre-tournament training and climbing to 70. ► Current Rank http://masteroverwatch.com/profile/shared/0a2fd3d5b21b21ac ► TWITCH https://www.twitch.tv/alyssa_gryphon -~-~~-~~~-~~-~- Please watch: "[No Commentary] Competive Overwatch Vod #2" https://www.youtube.com/watch?v=Pf0HxBOylcI -~-~~-~~~-~~-~-
From XSS to Domain Admin - Demo

Channel Title : eLearnSecurity

Views : 957

Likes : 4

DisLikes : 0

Published Date : 2015-07-05T14:41:42.000Z

http://ow.ly/PcdcK A demonstration of a real world network penetration test. The network has up-to-date client and server operating systems, a DMZ between two firewalls and a company website. IT Security Researcher, Davide "GiRa" Girardi, tries to gain full access to an Active Directory Administrator Account. Watch the full pentest for FREE here: http://ow.ly/PcdcK
Selenium with C# 51 - IJavaScriptExecutor interface | How to execute JavaScript from Selenium

Channel Title : Ankpro Training

Views : 562

Likes : 9

DisLikes : 0

Published Date : 2018-12-07T03:00:01.000Z

Javascript executor IJavascript Interface Alert using JavascriptExecutor Refresh the page using JavascriptExecutor Handle checkbox using JavascriptExecutor InnerText using JavascriptExecutor Get the Title of a page using JavascriptExecutor Get a domain of a page using JavascriptExecutor Get a URL of a page using JavascriptExecutor How to scroll a page using JavascriptExecutor How to navigate to other page using JavascriptExecutor Type text of JavascriptExecutor How to get height and width of a page using JavascriptExecutor What is JavaScript? JavaScript is the preferred language inside the browser to interact with HTML dom. This means that a Browser has JavaScript implementation in it and understands the JavaScript commands. What is IJavaScriptExecutor?   IJavaScriptExecutor is an Interface that helps to execute JavaScript through Selenium Webdriver. IJavaScriptExecutor provides two methods "executescript" & "executeAsyncScript“ to run JavaScript on the selected window or current page. Alert Pop Window We can create the alert pop-up using allowing code (IJavaScriptExecutor)driver).ExecuteScript(“alert('Hello')"); To Refresh The Page We can refresh the page by using following code ((IJavaScriptExecutor)driver).ExecuteScript("history.go(0)"); To Handle Checkbox To make the checkbox has checked ((IJavaScriptExecutor)driver).ExecuteScript("document.querySelectorAll('input[value = read]')[0].click()"); To make the checkbox has unchecked ((IJavaScriptExecutor)driver).ExecuteScript("document.querySelectorAll('input[value = read]')[0].click()"); To Get The Inner Text We can the inner text of page by using following code ((IJavaScriptExecutor)driver).ExecuteScript("return document.documentElement.innerText;").ToString(); To Get The Title Of Page We can get title of page by using following code ((IJavaScriptExecutor)driver).ExecuteScript("return document.title;").ToString(); To Get The Domain Of Page We can get Domain of page by using following code ((IJavaScriptExecutor)driver).ExecuteScript("return document.domain;").ToString(); To Get The URL Of Page We can get URL of page by using following code ((IJavaScriptExecutor)driver).ExecuteScript("return document.URL;").ToString(); To Scroll The Page To scroll the page vertically for 500px we use the following code ((IJavaScriptExecutor)driver).ExecuteScript("window.scrollBy(0,500)"); To scroll the page vertically till the end we use following code IJavaScriptExecutor)driver).ExecuteScript("window.scrollBy(0,document.body.scrollHeight)"); To navigate other page We can navigate to other page by using following code (IJavaScriptExecutor)driver).ExecuteScript("window.location='http://uitestpractice.com'"); To Get The Height And Width of page We can height and width of a page by using following code ((IJavaScriptExecutor)driver).ExecuteScript("return window.innerHeight;") ((IJavaScriptExecutor)driver).ExecuteScript("return window.innerWidth;") To Type The Text We can type the text into a text box by using following code ((IJavaScriptExecutor)driver).ExecuteScript("document.getElementById('Email').value='[email protected]';"); Possible Interview Questions on IJavaScriptExecutor What is Javascript What is IJavascriptExecutor How to create alert using IJavaScriptExecutor How to refresh the page using IJavaScriptExecutor How to handle the checkbox using IJavaScriptExecutor How to get the InnerText of javascript Executor How to get the title of a page using IJavaScriptExecutor How to get a domain of a page using IJavaScriptExecutor How to get a URL of a page using IJavaScriptExecutor How to scroll a page using IJavascriptExecutor How to navigate to other page using IJavascriptExecutor How to get the height and width of a page using IJavascript Executor How to type text into text box using IJavaScriptExecutor Code : [TestMethod] public void JavaScriptDemo() { IWebDriver driver = new FirefoxDriver(); driver.Url = "http://ankpro.com"; //((IJavaScriptExecutor)driver).ExecuteScript("prompt('Hello')"); //((IJavaScriptExecutor)driver).ExecuteScript("arguments[0].click();", "element"); //((IJavaScriptExecutor)driver).ExecuteScript("history.go(0)"); driver.Url = "http://uitestpractice.com/Students/Form"; //((IJavaScriptExecutor)driver).ExecuteScript("document.getElementByValue('dance').checked=true;"); ((IJavaScriptExecutor)driver).ExecuteScript("document.querySelectorAll('input[value = read]')[0].click()"); //String sText = ((IJavaScriptExecutor)driver).ExecuteScript("return document.documentElement.innerText;").ToString(); //Console.WriteLine(sText); //String sText1 = ((IJavaScriptExecutor)driver).ExecuteScript("return document.title;").ToString(); //Console.WriteLine(sText1); //String Text = ((IJavaScriptExecutor)driver).ExecuteScript("return document.domain;").ToString(); //Console.WriteLine(Text); Thread.Sleep(2000); driver.Quit(); }
XSS (cross site scripting ) filter evasion series stage 7

Channel Title : Vishwaraj Bhattrai

Views : 761

Likes : 6

DisLikes : 0

Published Date : 2015-02-02T06:02:12.000Z

Payload used : a onmouseover=prompt(document.domain); challenge link : s-quiz.int21h.jp-stage07.php
JavaScript substring example

Channel Title : kudvenkat

Views : 69125

Likes : 195

DisLikes : 4

Published Date : 2014-11-08T09:36:30.000Z

Link for all dot net and sql server video tutorial playlists http://www.youtube.com/user/kudvenkat/playlists Link for slides, code samples and text version of the video http://csharp-video-tutorials.blogspot.com/2014/11/javascript-substring-example.html In this video we will discuss a simple real time example of where we can use indexOf(), lastIndexOf() and substring() methods In the head section of the webform, include the following script section function getEmailandDomainParts() { var emailAddress = document.getElementById("txtEmailAddress").value; var emailPart = emailAddress.substring(0, emailAddress.indexOf("@")); var domainPart = emailAddress.substring(emailAddress.indexOf("@") + 1); document.getElementById("txtEmailPart").value = emailPart; document.getElementById("txtDomainPart").value = domainPart; } Finally set the onclick attriibute of the button to call the JavaScript function [input type="button" value="Get email & domain parts" style="width:250px" onclick="getEmailandDomainParts()"/] In Part 11 of JavaScript Tutorial we discussed indexOf() function. lastIndexOf() is also very useful function for manipulating strings. lastIndexOf() method returns the position of the last occurrence of a specified value in a string. Since it's job is to return the last index of the specified value, this method searches the given string from the end to the beginning and returns the index of the first match it finds. This method returns -1 if the specified value is not present in the given string. Example : Retrieve the last index position of dot (.) in the given string var url = "http://www.csharp-video-tutorials.blogspot.com"; alert(url.lastIndexOf(".")); Output : 42 Simple real time example where lastIndexOf and substring methods can be used In the head section of the webform, include the following script section function getDomainName() { var url = document.getElementById("txtURL").value; var domainName = url.substr(url.lastIndexOf(".")); document.getElementById("txtDomian").value = domainName; } Finally set the onclick attriibute of the button to call the JavaScript function [input type="button" value="Get top level domain" style="width: 300px" onclick="getDomainName()" /]
Tuto [Fr] Piratage de réseaux sociaux à distance (Instagram, Facebook, Twitter) - par Processus

Channel Title : processus thief

Views : 5746

Likes : 628

DisLikes : 7

Published Date : 2019-06-29T12:00:06.000Z

Tutoriel en français expliquant le fonctionnement du script shellphish. Ce tutoriel est à but instructif uniquement. Je ne vous incite en aucun cas à prendre le contrôle d'un système ou d'un réseau qui ne vous appartient pas. Le repo github de thelinuxchoice : https://github.com/thelinuxchoice/shellphish Canon EOS 700D Objectif Canon 50mm F1.8 Microphone BOYA BY-M1 Musique d'intro : Titre: Mainstream Pop Auteur: Bricks Source: http://www.myspace.com/bricksof78 Licence: http://creativecommons.org/licenses/by-nc-nd/2.0/ Téléchargement (4MB): https://www.auboutdufil.com/index.php?id=312 Musique de fond : Titre: No Love Auteur: Shearer Source: https://shearer.bandcamp.com/ Licence: https://creativecommons.org/licenses/by/3.0/deed.fr Téléchargement (7MB): https://www.auboutdufil.com/index.php?id=508 Mon site : https://thiefin.fr Les tutos de Processus
XSS (Cross Site Scripting) Stealing a cookie Kitabisa.com

Channel Title : Richie Daniel

Views : 300

Likes : 0

DisLikes : 0

Published Date : 2018-11-29T06:40:08.000Z

Facebook Page Like Box ::