1
00:00:00,300 --> 00:00:05,400
So, guys, in this lecture, we're going to see our XSS reflected in a medium setting too, as

2
00:00:05,400 --> 00:00:10,860
we all know, high is impossible, but we are going to see that also in this particular lecture.

3
00:00:11,100 --> 00:00:16,420
So now let's try to exploit our XSS reflected in a medium setting.

4
00:00:16,450 --> 00:00:21,300
So what you need to do here is, you need to simply, as we all know, that this is reflected once, or

5
00:00:21,300 --> 00:00:23,160
it will not be stored on the server side.

6
00:00:23,170 --> 00:00:28,470
But what you need to do, it is simply click on setup, create and reset the database, or the data which

7
00:00:28,480 --> 00:00:29,520
has been created.

8
00:00:29,760 --> 00:00:34,020
So now let's get back to security and change it to medium, submit.

9
00:00:34,350 --> 00:00:36,930
And now we are ready to go with XSS reflected.

10
00:00:37,660 --> 00:00:45,270
So, guys, I found one more website which is notable in case of XSS because this website

11
00:00:45,270 --> 00:00:47,010
is owned by OWASP.

12
00:00:47,010 --> 00:00:55,290
So OK guys, so this is a website which simply contains hundreds of thousands of payloads inside.

13
00:00:55,290 --> 00:00:58,740
It's, you can go with any one and it will definitely work.

14
00:00:59,700 --> 00:01:05,540
It's up on the practice, which one is fit for which, which one is for this thing.

15
00:01:05,550 --> 00:01:06,870
So it's up on the practice.

16
00:01:07,650 --> 00:01:09,410
So now guys, let's see.

17
00:01:09,630 --> 00:01:11,370
So currently we're in the medium setting.

18
00:01:11,370 --> 00:01:13,520
So what it is asking, it is asking for the name.

19
00:01:14,430 --> 00:01:15,320
Now I give hello.

20
00:01:15,840 --> 00:01:20,300
So when you deploy, as you can see, it is again reflecting whatever I'm entering here.

21
00:01:20,700 --> 00:01:21,280
OK, guys.

22
00:01:21,290 --> 00:01:23,730
So it is the same thing you can see here.
23
00:01:24,150 --> 00:01:30,350
So now let's try with our basic scripting, which is the script alert hello.

24
00:01:30,360 --> 00:01:31,560
Now let's try with this.

25
00:01:31,860 --> 00:01:41,610
So what it is doing here, what you have entered inside the alert, with the payload, it is simply reflecting

26
00:01:41,610 --> 00:01:44,760
that particular thing in front of you in the webpage.

27
00:01:45,120 --> 00:01:46,470
So what is the problem here?

28
00:01:46,500 --> 00:01:52,110
So now let's analyze with the help of view source so that we can easily understand what it is doing

29
00:01:52,110 --> 00:01:53,310
and why it is doing it.

30
00:01:55,150 --> 00:01:56,500
Let me move this here.

31
00:01:58,000 --> 00:01:59,790
OK, so now we're having the full code.

32
00:02:01,090 --> 00:02:01,940
So what is it doing?

33
00:02:02,470 --> 00:02:07,650
So now let's see here, as you can see in the echo, hello.

34
00:02:07,690 --> 00:02:08,340
It is printing.

35
00:02:08,350 --> 00:02:08,560
Hello.

36
00:02:08,560 --> 00:02:11,950
This thing is simply echoing hello.

37
00:02:11,980 --> 00:02:14,470
And this bit, replace script.

38
00:02:14,470 --> 00:02:19,380
What it is doing, they are using one function to replace the script.

39
00:02:19,840 --> 00:02:24,700
They are simply reflecting, they are simply replacing the script with this.

40
00:02:25,060 --> 00:02:30,180
So that is why it is not working, because we have entered the script as it is.

41
00:02:31,470 --> 00:02:34,620
So the payload that we have entered here was this.

42
00:02:35,650 --> 00:02:42,910
So, yeah, as you can see, when we see this, what they are doing, they are simply replacing, filtering,

43
00:02:43,030 --> 00:02:43,490
the script.

44
00:02:43,870 --> 00:02:50,600
OK, so now how can we simply bypass this particular filtration?
45
00:02:51,070 --> 00:03:01,660
So now when you see this, you will see that they are replacing script, this thing, in lowercase,

46
00:03:01,660 --> 00:03:03,010
they are simply doing this.

47
00:03:03,220 --> 00:03:10,120
So what we can do here, we can make it like, we can make the S capital.

48
00:03:10,580 --> 00:03:12,190
Let me move to the front.

49
00:03:13,030 --> 00:03:18,510
Let's see if it will work or not, as we have changed it to capital.

50
00:03:18,510 --> 00:03:19,510
Or let's try to run this.

51
00:03:19,510 --> 00:03:25,820
As you can see, we have successfully managed to exploit XSS reflected with the help of some changes.

52
00:03:25,840 --> 00:03:28,810
So this is how you can simply bypass it, and you can see it.

53
00:03:29,020 --> 00:03:32,560
So now let's see what we can say.

54
00:03:32,560 --> 00:03:33,070
This one.

55
00:03:34,030 --> 00:03:41,350
So this is the command, the payload that we are going to paste here.

56
00:03:41,500 --> 00:03:42,520
So now let's see, is it working?

57
00:03:42,520 --> 00:03:48,190
And also, when you run it, it will not work because they are simply filtering script.

58
00:03:48,220 --> 00:03:53,050
So now let's make some changes, like I want to make I as capital.

59
00:03:56,270 --> 00:03:59,420
I as capital in each and every one, let's see, is it working or not?

60
00:03:59,480 --> 00:04:02,270
We have to make the script every time capital.

61
00:04:03,140 --> 00:04:05,450
It's every time capital, OK, what is the problem here?

62
00:04:05,480 --> 00:04:07,430
Let me again see.

63
00:04:11,300 --> 00:04:14,430
And this was the command, I think this was OK.

64
00:04:15,180 --> 00:04:16,330
So let me copy this.

65
00:04:17,150 --> 00:04:18,710
Again, get back to this.

66
00:04:20,260 --> 00:04:21,690
Copy, paste.

67
00:04:23,010 --> 00:04:30,880
Let me move my cursor closer to the start here, XSS is not executed.

68
00:04:31,590 --> 00:04:34,760
Let me see whether it's going to work or not.
69
00:04:35,370 --> 00:04:37,830
Let me change this one to X.

70
00:04:41,300 --> 00:04:46,250
This is not straight, run this now, as you can see, we have successfully managed to exploit this

71
00:04:46,250 --> 00:04:48,120
vulnerability using some changes.

72
00:04:48,140 --> 00:04:49,750
OK, so this is how you can work.

73
00:04:49,970 --> 00:04:55,220
Suppose that you are working on a real world website and when you try to inject your code, but it is

74
00:04:55,220 --> 00:04:57,890
not taking because it is already filtering.

75
00:04:58,040 --> 00:05:02,560
So you can do these kinds of changes so that it will later on work.

76
00:05:02,700 --> 00:05:06,720
OK, so now let's try to exploit it on high.

77
00:05:07,220 --> 00:05:15,020
So when you click on high and click on submit, now let's try to get inside this and simply choose this

78
00:05:15,020 --> 00:05:16,040
one, OK?

79
00:05:16,220 --> 00:05:18,950
And now let's make it as capital.

80
00:05:22,630 --> 00:05:30,190
Non-capital, now enter. As you can see that what it is doing here, it is simply putting all the

81
00:05:30,190 --> 00:05:35,950
things, whatever you have entered inside this box, as a string, and it is just displaying yours.

82
00:05:36,050 --> 00:05:37,910
Now, let's see what is inside of view source.

83
00:05:38,330 --> 00:05:43,200
Now, let's zoom it so that you can see it in a very clear manner.

84
00:05:43,610 --> 00:05:46,470
So now, guys, when you see here.

85
00:05:47,260 --> 00:05:47,710
Hello.

86
00:05:48,310 --> 00:05:53,200
So what it is doing here, it is simply htmlspecialchars.

87
00:05:53,200 --> 00:05:54,900
So what it is doing here,

88
00:05:55,150 --> 00:06:04,870
it is simply converting your things inside, like string and special characters, suppose like, let me

89
00:06:05,800 --> 00:06:09,840
suppose, like you're using this particular tag, it will convert it into a string.

90
00:06:10,170 --> 00:06:12,570
So this is why it is not working in this case.
91
00:06:12,880 --> 00:06:13,450
OK, guys.

92
00:06:13,630 --> 00:06:20,950
So this is why high is just next to impossible to exploit.

93
00:06:21,370 --> 00:06:28,000
So guys, as we all know, that if there is high security, the developer is very creative and a very

94
00:06:28,000 --> 00:06:37,000
deep thinker, or they are well aware about what kind of filtration they should simply put there

95
00:06:37,090 --> 00:06:38,050
on the website.

96
00:06:38,170 --> 00:06:40,150
So you cannot exploit that.

97
00:06:40,930 --> 00:06:43,000
So that is why this is the perfect setting.

98
00:06:43,120 --> 00:06:49,480
With the help of that, you cannot, you cannot exploit XSS reflected.

99
00:06:49,900 --> 00:06:51,720
OK, so this is all for this lecture.

100
00:06:51,730 --> 00:06:55,940
I hope you guys enjoyed it and you know how to exploit XSS reflected.

101
00:06:56,200 --> 00:06:58,020
So thank you for watching this lecture.