The-Digital-Empress
The fifth day of the Advent of Cyber challenge focuses on exploiting stored XSS payloads by disabling a plugin installed by the Grinch, who changed all mentions of Christmas to But-miss on a website forum. The video explains the four types of XSS vulnerabilities and how to exploit them by setting a new password and commenting with a script tag that includes a malicious JavaScript payload, which will instantly change the user's password when they visit the infected page. The YouTuber shares their experience with the challenge, offering tips for users who may encounter issues with Burp Suite's intercept tab and HTTP history. They plan to continue learning about Burp Suite in chapter four of the challenge.
In this section, the speaker discusses her experience with the Advent of Cyber challenges, specifically the issues she faced while attempting to upload her Day 4 video due to a corrupted file. She also shares her notes on bug bounty programs and her goal of earning her first paid bug bounty. Additionally, she mentions the topic of XSS and web reconnaissance featured in Chapter 5 of her bug bounty book. Finally, she talks about the challenge for Day 5, which involves finding an admin to remove a plugin installed by Grinch Enterprises that changes all mentions of Christmas to But-miss.
In this section, the video examines XSS vulnerabilities, which occur when malicious JavaScript is injected into websites with the intention of being executed by other users. There are four types of XSS vulnerabilities, including DOM, reflected, stored, and blind. The focus of the challenge is on exploiting a stored XSS payload, which is stored on a web application (such as in a database) and runs when other users visit the site or web page. The challenge involves finding and disabling a plugin installed by the Grinch, who has an admin account and has changed every mention of Christmas to buttons. To restore Christmas joy, the user needs to take over the Grinch account and disable the plugin.
In this section, the video highlights how to change the password of a user by exploiting an XSS vulnerability. By exploiting the password change URL parameter, a new password can be set for the user. The XSS attack is carried out by tricking the user to visit a page containing malicious JavaScript and commenting with a script tag that includes a payload. Once a user logs in and visits the infected page, their password will be changed instantly. The video highlights how fun it is to play the hacker and how the attack can be detrimental if any sensitive information is disclosed.
In this section of the video, the YouTuber completes Day 5 of the Advent of Cyber challenge by disabling a Christmas-themed plugin on a forum website. They explain that they initially had trouble with the intercept tab in Burp Suite, but eventually figured out how to use the HTTP history and send requests to Intruder. They also note some differences they experienced in their Burp Suite instance and offer tips for users who may encounter similar issues. The YouTuber plans to continue learning about Burp Suite in chapter four of the challenge. They finish by thanking viewers and mentioning that they will return for Day 6 of the challenge.
No videos found.
No related videos found.
No music found.