1 00:00:00,240 --> 00:00:03,910 So now, guys, we are again inside DVWA in this lecture.
2 00:00:03,930 --> 00:00:09,870 We are going to test XSS Stored in the medium setting, so for that you need to change
3 00:00:09,870 --> 00:00:11,280 the security to medium.
4 00:00:13,220 --> 00:00:14,420 And now click on Submit.
5 00:00:15,540 --> 00:00:23,250 OK, so now we're inside XSS Stored. So simply try to enter our last payload here, which
6 00:00:23,250 --> 00:00:24,150 was a script.
7 00:00:26,050 --> 00:00:27,790 A script alert.
8 00:00:29,080 --> 00:00:30,940 Like, I'm going to give one.
9 00:00:33,250 --> 00:00:35,840 A script, let's close this.
10 00:00:35,870 --> 00:00:40,170 OK, let me copy this so that I can use it later. Now try to run this.
11 00:00:40,570 --> 00:00:45,730 So when you try to run this, as you can see, what it is doing here is simply filtering
12 00:00:45,730 --> 00:00:46,460 out the script.
13 00:00:46,630 --> 00:00:50,440 OK, so this thing is clear, that this is filtering the script.
14 00:00:51,010 --> 00:00:58,860 So as we did in the case of XSS Reflected, we simply changed it into capital letters
15 00:00:58,870 --> 00:01:03,970 and then tried to run that particular payload that we had.
16 00:01:03,970 --> 00:01:09,130 And that was running very well, and that was running as per our needs.
17 00:01:09,400 --> 00:01:11,730 OK, now let's try that thing again here.
18 00:01:11,740 --> 00:01:14,280 Let's see, is it working here or not, guys?
19 00:01:15,190 --> 00:01:16,600 It's the Dawe.
20 00:01:16,720 --> 00:01:19,990 OK, so now let's try to make this capital.
21 00:01:21,060 --> 00:01:22,530 As capital, now.
22 00:01:23,580 --> 00:01:26,620 So when you see what it is doing, it is simply filtering again.
23 00:01:27,210 --> 00:01:30,330 So guys, let's see its source code, what it is doing here.
24 00:01:33,640 --> 00:01:41,890 So when you see its source code, what it is doing here is: this is doing the same as
25 00:01:42,250 --> 00:01:44,740 it was doing in the case of XSS Reflected.
26 00:01:45,100 --> 00:01:48,550 But let's see, something else is here that is not so nice to us.
27 00:01:48,560 --> 00:01:49,760 In the message.
28 00:01:49,790 --> 00:01:50,360 OK.
29 00:01:50,440 --> 00:01:51,210 OK, OK.
30 00:01:51,550 --> 00:01:53,950 It is also strip_tags.
31 00:01:53,950 --> 00:01:56,720 And as I said, it is adding the slashes here.
32 00:01:56,980 --> 00:01:58,570 OK guys, now.
33 00:01:59,560 --> 00:02:07,470 And this is the case, OK, guys: so what they are doing here is they are simply adding the filter in
34 00:02:07,480 --> 00:02:13,090 place of the message body, but in case of the name, what they are doing is they're only filtering the script tag.
35 00:02:13,330 --> 00:02:16,540 So now let's try to exploit it in the name field.
36 00:02:16,880 --> 00:02:17,540 OK, guys.
37 00:02:17,730 --> 00:02:18,390 All right.
38 00:02:19,180 --> 00:02:20,330 So this is the name field.
39 00:02:20,560 --> 00:02:23,230 So what I'm going to do is I'm going to simply right-
40 00:02:23,230 --> 00:02:25,170 click and go to Inspect Element.
41 00:02:25,630 --> 00:02:27,340 So when you go to Inspect Element,
42 00:02:28,590 --> 00:02:31,930 you will see this kind of interface.
43 00:02:32,130 --> 00:02:32,780 OK?
44 00:02:34,010 --> 00:02:42,080 So now, guys, let me zoom in so that you can see this particular thing in my view, OK?
45 00:02:42,500 --> 00:02:50,210 So when you see here, we are currently here: the input with name txtName, type text, size 30 and maxlength
46 00:02:50,210 --> 00:02:50,710 is ten.
47 00:02:51,170 --> 00:02:59,390 So the thing that we need to do here is we need to change it to 100, OK, because we want to enter more characters
48 00:02:59,390 --> 00:02:59,920 than 10.
49 00:02:59,930 --> 00:03:05,310 So that is why, for convenience, I just changed 10 to a hundred.
50 00:03:05,510 --> 00:03:06,860 So now let's try to exploit this.
51 00:03:06,870 --> 00:03:07,710 So how can we do that?
52 00:03:08,030 --> 00:03:13,190 So what I'm going to do here is I'm going to say, OK, this is also a script.
53 00:03:13,200 --> 00:03:15,100 So I'm going to, uh.
54 00:03:16,150 --> 00:03:19,240 OK, let me paste it here, OK?
55 00:03:19,290 --> 00:03:23,270 Now let's change the S to capital, and this S to capital.
56 00:03:23,720 --> 00:03:25,540 OK, and then enter here:
57 00:03:25,550 --> 00:03:25,850 Hello.
58 00:03:26,120 --> 00:03:27,150 So now let's try to run this.
59 00:03:27,560 --> 00:03:35,150 So when you hit enter, you will see this is doing as per our requirement. That means it is taking
60 00:03:35,150 --> 00:03:39,760 our input and it is simply executing it on the server level.
61 00:03:39,890 --> 00:03:45,460 Whenever we get back to this, we will have the same alert.
62 00:03:45,500 --> 00:03:49,310 Now let's try to get back to it again, and it will give you an alert like this.
63 00:03:49,580 --> 00:03:57,860 So this is how you can exploit it in the case of medium, by just using Inspect Element.
64 00:03:57,860 --> 00:04:03,440 And when you have two fields to fill, and one field is restricted by the
65 00:04:03,440 --> 00:04:03,860 number of characters
66 00:04:03,890 --> 00:04:07,000 and another field is restricted by the slashes,
67 00:04:07,130 --> 00:04:12,080 what you can do here is you can simply use Inspect Element in the case of the character restriction.
68 00:04:12,240 --> 00:04:17,400 OK, so now let's try to see what is inside the high security.
69 00:04:17,420 --> 00:04:18,730 So now click on Submit.
70 00:04:18,740 --> 00:04:21,430 So when you click on Submit, let's get back to XSS Stored.
71 00:04:21,860 --> 00:04:24,300 So when you see the source.
72 00:04:24,500 --> 00:04:31,040 So now let's try to run that particular command that we did in the case of medium, so for that, just...
73 00:04:31,580 --> 00:04:34,850 OK, let me go back to Inspect Element.
74 00:04:35,970 --> 00:04:39,060 So when you go back to Inspect Element, we need to change it again.
75 00:04:39,100 --> 00:04:39,730 OK.
76 00:04:40,200 --> 00:04:42,960 OK, double-click here, you will see this thing.
77 00:04:45,680 --> 00:04:47,450 100, enter.
78 00:04:47,810 --> 00:04:49,960 So now I will be able to enter.
79 00:04:50,390 --> 00:04:50,800 Come on.
80 00:04:50,990 --> 00:04:52,730 So let's try to exploit this.
81 00:04:54,620 --> 00:04:56,110 Let's see, is it working or not?
82 00:04:56,120 --> 00:04:56,890 In case of this.
83 00:04:57,230 --> 00:05:05,360 Hello, now hit enter. So when you hit enter, you can see here what it is doing: this is simply
84 00:05:05,360 --> 00:05:09,670 changing all the things inside, like, with the help of this.
85 00:05:10,200 --> 00:05:16,790 OK, it is matching these many characters in between these things so that it cannot be run.
86 00:05:17,030 --> 00:05:18,460 OK, guys, let's see.
87 00:05:18,460 --> 00:05:19,630 Let's view the source.
88 00:05:20,540 --> 00:05:24,410 So when you view it, as you can see, let's see the name.
89 00:05:24,410 --> 00:05:25,880 It is txtName, and the text message.
90 00:05:26,030 --> 00:05:31,610 As we all know, inside the message they are doing the same as they did in the case of medium, but
91 00:05:31,610 --> 00:05:34,710 the same thing they are also doing in the case of the name.
92 00:05:34,730 --> 00:05:40,120 So they are simply adding the slashes and they are simply using real_escape_string.
93 00:05:40,130 --> 00:05:41,390 What they are doing, they are changing.
94 00:05:41,750 --> 00:05:43,590 They are changing it in the name.
95 00:05:43,850 --> 00:05:48,090 They are escaping the special characters, whatever we have entered there.
96 00:05:48,390 --> 00:05:52,280 OK, so this is how it works in the case of high.
97 00:05:52,290 --> 00:05:54,290 That is why we are not able to exploit this.
98 00:05:54,530 --> 00:05:57,110 So this is, guys, how you can simply
99 00:05:58,910 --> 00:06:02,070 exploit XSS Reflected and XSS Stored.
100 00:06:02,300 --> 00:06:03,570 So this was all for this lecture.
101 00:06:04,140 --> 00:06:08,080 I hope you guys understand how it all works, and thank you for watching this lecture.
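The filters the lecture walks through, as an added example that is not part of the lecture and not DVWA's own code: a Python re-implementation of what the video describes for the name field at medium (exact removal of `<script>`) and at high (a case-insensitive regex that tolerates "many characters in between" the letters of "script"), plus the message field's strip-tags-and-encode handling. The exact PHP the model copies (`str_replace`, `preg_replace('/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i', ...)`, `strip_tags`, `addslashes`, `htmlspecialchars`) is assumed from the DVWA source rather than read off the page, and the third payload, an `<img onerror>` tag, is my addition to show that a filter keyed on the word "script" is not the same thing as output encoding. The payloads are constructed test inputs.

```python
import html
import re

# Constructed payloads, modelled on what the lecture types into the name field.
PAYLOADS = [
    "<script>alert('Hello')</script>",     # lowercase: removed at medium
    "<SCRIPT>alert('Hello')</SCRIPT>",     # capitalised: the lecture's medium bypass
    "<img src=x onerror=alert('Hello')>",  # contains no "script" at all (my addition, not from the lecture)
]


def medium_name_filter(name: str) -> str:
    """Model of the medium-level name filter: a literal, case-sensitive removal of
    '<script>' (assumed to be PHP str_replace). Any other spelling passes through."""
    return name.replace("<script>", "")


def high_name_filter(name: str) -> str:
    """Model of the high-level name filter the lecture describes as matching 'many
    characters in between': a case-insensitive regex that deletes '<' followed by
    s, c, r, i, p, t in order with anything between them (assumed to be
    preg_replace('/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i', '', $name)).
    Changing case no longer helps because of the /i flag."""
    return re.sub(r"<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t", "", name, flags=re.IGNORECASE)


def add_slashes(text: str) -> str:
    """Model of PHP addslashes: backslash-escape quotes and backslashes."""
    return re.sub(r"(['\"\\])", r"\\\1", text)


def message_filter(message: str) -> str:
    """Model of the message-field handling (addslashes, strip_tags, htmlspecialchars):
    tags are dropped and the remaining special characters are HTML-encoded, so the
    value can never reach the page as live markup."""
    without_tags = re.sub(r"<[^>]*>", "", add_slashes(message))
    return html.escape(without_tags, quote=True)


def executes_as_markup(filtered: str) -> bool:
    """Crude check for whether a filtered value still carries a live tag: an
    unencoded '<' directly followed by a tag-name letter. Browsers parse far
    more leniently; this is only enough to compare the three filters."""
    return re.search(r"<[a-zA-Z]", filtered) is not None


def compare_filters(payload: str) -> dict:
    """Run one payload through all three filters and report which still leave markup."""
    return {
        "medium_name": executes_as_markup(medium_name_filter(payload)),
        "high_name": executes_as_markup(high_name_filter(payload)),
        "message": executes_as_markup(message_filter(payload)),
    }


if __name__ == "__main__":
    for payload in PAYLOADS:
        print(f"{payload!r}: {compare_filters(payload)}")
```

Two things the comparison makes visible that the video only shows on screen: the `maxlength="10"` the lecture edits in Inspect Element is enforced purely by the browser, so raising it in the DOM (or sending the POST with any HTTP client) changes nothing on the server; and the high-level regex stops the capitalised `<SCRIPT>` trick but still passes a tag that never spells "script", whereas the message field's encode-on-output approach passes none of them.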