1
00:00:00,270 --> 00:00:06,060
So now, guys, let's see what is the stored XSS exercise and it's going to be very fun to see how to exploit

2
00:00:06,060 --> 00:00:06,840
this vulnerability.

3
00:00:07,280 --> 00:00:12,690
OK, so for that, I need to log into my Linux machine, for which I am going to give the username and

4
00:00:12,690 --> 00:00:15,900
password so, as you can see, can only be accessed as a reflected.

5
00:00:16,200 --> 00:00:17,960
So now let's see what I'm going to do.

6
00:00:17,970 --> 00:00:20,560
It is setup and create / reset database.

7
00:00:20,620 --> 00:00:23,630
OK, so now I'm inside DVWA.

8
00:00:23,680 --> 00:00:25,700
So this is the home page of DVWA.

9
00:00:26,670 --> 00:00:29,910
So when you scroll it down, let's check the security, which is on high.

10
00:00:29,920 --> 00:00:32,810
Let's make it low and click on submit.

11
00:00:33,060 --> 00:00:35,040
So when you click on submit, let's get back to it.

12
00:00:35,820 --> 00:00:42,180
So, guys, this is the place where we are going to enter our payloads and exploits and

13
00:00:42,180 --> 00:00:44,340
simply see what it's going to be.

14
00:00:45,030 --> 00:00:46,380
So how it's going to be, actually.

15
00:00:46,410 --> 00:00:48,300
So now let's see what it is doing here.

16
00:00:48,330 --> 00:00:49,540
So this is asking for the name.

17
00:00:49,650 --> 00:00:51,510
And here we are having a message board.

18
00:00:51,840 --> 00:00:56,310
If you want to write any message, you can write. Suppose that I wanted it; it is asking for the name.

19
00:00:56,310 --> 00:00:58,470
So I'm going to give a name which is DIWAKAR

20
00:01:01,330 --> 00:01:01,870
smart.

21
00:01:02,500 --> 00:01:06,600
OK, so the message that I'm going to give here is hello.

22
00:01:07,690 --> 00:01:10,100
How are you?

23
00:01:10,560 --> 00:01:15,310
OK, so this is the message that I want to ask from you, and the message is like.
24
00:01:16,680 --> 00:01:22,640
All right, the message I want to give, and so this is the message that I want to give here.

25
00:01:23,860 --> 00:01:27,170
OK, so simply click on Sign Guestbook.

26
00:01:27,730 --> 00:01:34,570
So when you click on Sign Guestbook, as you can see, the actual loan growth, so this is how it looks

27
00:01:34,570 --> 00:01:39,290
like: whatever I'm going to enter here, it is going to reflect it, OK?

28
00:01:39,610 --> 00:01:47,410
So one thing from here, we can see that whatever we are going to give there, that is, I mean.

29
00:01:47,640 --> 00:01:50,350
And as you can see here, there is nothing like.

30
00:01:51,320 --> 00:01:53,170
So this is supposed to be a request.

31
00:01:53,610 --> 00:02:02,530
OK, so what it is doing here is, it is simply storing all of these things inside this server or database,

32
00:02:02,530 --> 00:02:04,290
or whatever I'm going to write here.

33
00:02:04,450 --> 00:02:10,390
It will be stored here. Suppose, in case of reflected XSS, whatever payload I give,

34
00:02:10,390 --> 00:02:12,120
like I want to give this.

35
00:02:12,400 --> 00:02:19,060
So when I give this payload and just click on submit, what it will do, it will simply alert you.

36
00:02:19,570 --> 00:02:21,670
It will simply execute the payload.

37
00:02:21,700 --> 00:02:27,810
OK, so suppose that in that condition, when I get back to it again, it will not do anything,

38
00:02:27,820 --> 00:02:28,570
it will start.

39
00:02:28,570 --> 00:02:35,890
Fanda is starting, but in case of stored, you can see that when you click Venu on somewhere else, when

40
00:02:35,890 --> 00:02:41,620
you get back to XSS or whatever, you see here what you have entered earlier.

41
00:02:41,770 --> 00:02:46,990
Appositive, it is showing you that, so this means that whatever I'm going to give here, it will be

42
00:02:46,990 --> 00:02:48,410
stored inside the server.

43
00:02:48,790 --> 00:02:50,180
OK, guys, is this clear?
44
00:02:50,290 --> 00:02:53,110
So this is the thing that I want to explain.

45
00:02:53,200 --> 00:02:54,320
What is the difference between them?

46
00:02:54,610 --> 00:02:55,990
OK, so now let's see.

47
00:02:55,990 --> 00:02:57,200
Let's have some fun here.

48
00:02:58,210 --> 00:03:01,040
OK, so what I'm going to write here, it will reflect here.

49
00:03:01,240 --> 00:03:03,880
So that means I can check for the XSS.

50
00:03:04,120 --> 00:03:08,320
OK, for XSS, I will be going, as we all know that this is on security.

51
00:03:08,460 --> 00:03:11,200
OK, so now let's try with the word.

52
00:03:12,310 --> 00:03:13,750
We can say that.

53
00:03:13,750 --> 00:03:14,950
Let's try with our.

54
00:03:16,270 --> 00:03:16,540
It's.

55
00:03:18,410 --> 00:03:25,460
A script, close it and then alert. It is so, it is not taking any kind of input.

56
00:03:26,570 --> 00:03:30,550
So whatever I'm going to write, it will not take. Why is it so?

57
00:03:30,770 --> 00:03:34,870
So let's check how many characters it is allowed to enter inside the name field.

58
00:03:35,120 --> 00:03:39,000
One, two, three, four, five, six, seven, eight, nine, 10.

59
00:03:39,360 --> 00:03:45,160
So it is allowing me to enter only 10 characters, name or whatever you want to enter.

60
00:03:45,190 --> 00:03:49,550
Only 10 characters are allowed inside this particular box.

61
00:03:50,480 --> 00:03:52,630
So now let's give my name again here.

62
00:03:53,180 --> 00:03:54,950
Let's check in the message body.

63
00:03:55,100 --> 00:03:58,300
Is there any filtration or not?

64
00:03:58,820 --> 00:04:00,920
No, there is no filtration.

65
00:04:00,920 --> 00:04:01,580
Yes, there is.

66
00:04:02,000 --> 00:04:06,830
You can only enter one, two, three, four, five, six, seven, eight, nine, 10, 11, 12, 13,

67
00:04:06,830 --> 00:04:11,650
14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28.
68
00:04:12,390 --> 00:04:21,820
You and 22, 23, 24, 25, 39, 40, 41, 42, 43, 44, 45, 44. It's around 40 to 49 characters that are

69
00:04:21,860 --> 00:04:23,470
allowed inside the message body.

70
00:04:23,660 --> 00:04:25,120
So this is the trick.

71
00:04:25,640 --> 00:04:30,590
So now how you can do, how you can enter your payload.

72
00:04:30,830 --> 00:04:36,350
So inside the message body, you're allowed to enter around 40 words, 40 characters. So here,

73
00:04:36,350 --> 00:04:43,460
what we are going to execute here, I think the size of that particular script is less than forty,

74
00:04:43,460 --> 00:04:44,030
forty-eight.

75
00:04:44,120 --> 00:04:45,500
So now let's try with this one.

76
00:04:48,960 --> 00:04:54,900
Right now, click on this link.

77
00:04:57,910 --> 00:04:59,320
Not like it's a link.

78
00:05:02,270 --> 00:05:03,320
A script.

79
00:05:05,110 --> 00:05:07,270
Now, let's try to sign.

80
00:05:08,650 --> 00:05:14,320
So when you click on sign, as you can see, we have successfully injected our JavaScript code and

81
00:05:14,320 --> 00:05:15,610
now this is showing us an error.

82
00:05:15,760 --> 00:05:23,470
So the trick is, suppose that if someone is allowing, if someone is just to see, if someone is doing here,

83
00:05:23,470 --> 00:05:25,710
daddy, you have only to look at Dosso.

84
00:05:25,880 --> 00:05:33,220
And then here and there are two places. So now you have the idea that if something is restricting you,

85
00:05:33,490 --> 00:05:36,070
you can choose the other one and you can try there.

86
00:05:36,250 --> 00:05:38,410
Now let's try to get back to it like this.

87
00:05:38,530 --> 00:05:40,160
So it was, so you'd like this.

88
00:05:40,190 --> 00:05:46,800
So this is because you have installed your JavaScript code inside the server.

89
00:05:46,810 --> 00:05:50,650
So that is why, you know, when you get back to it, it also shows the error.
90
00:05:50,650 --> 00:05:54,300
Whenever you simply refresh it, it will show you this error.

91
00:05:54,310 --> 00:05:55,540
This dialogue was actually.

92
00:05:55,780 --> 00:05:58,140
So this is how stored XSS works.

93
00:05:58,180 --> 00:06:02,740
Now, let's see, first of all, what its source code looks like.

94
00:06:04,260 --> 00:06:12,690
OK, guys, so when you see its source code inside the message body, this is message text, one, two,

95
00:06:12,710 --> 00:06:16,030
three, four, five, six, seven, eight, nine, 10.

96
00:06:16,060 --> 00:06:17,960
OK, this has POST, this.

97
00:06:17,970 --> 00:06:25,110
As for the first one, and this is my A string and this is Gabe Synagis, as you can see that there is

98
00:06:25,110 --> 00:06:28,410
nothing like any filtration in any.

99
00:06:31,010 --> 00:06:36,640
And in filtration of script in this case, there is nothing, that is why it is simply executing a

100
00:06:36,650 --> 00:06:39,140
command, which was a script.

101
00:06:40,130 --> 00:06:47,090
So now let's see in the next lecture how we can inject the vita is, how we can inject our code inside

102
00:06:47,090 --> 00:06:49,960
this name tag.

103
00:06:49,970 --> 00:06:51,560
OK, inside this name, please.

104
00:06:51,590 --> 00:06:57,820
So how we can do that, we will learn in the next lecture, and to get back to this normal, simply

105
00:06:57,890 --> 00:06:59,810
go to setup and click on create.

106
00:06:59,810 --> 00:07:01,640
And they said, let's get back to this.

107
00:07:01,640 --> 00:07:03,980
We will see nothing like it.

108
00:07:04,900 --> 00:07:09,680
OK, so this is all for this lecture, and we are going to see in the medium settings how we can exploit

109
00:07:09,830 --> 00:07:10,480
XSS.