1 00:00:00,090 --> 00:00:01,260 All right, welcome back, everyone. 2 00:00:01,290 --> 00:00:05,040 This is Rajneesh, and decision is about cross site scripting. 3 00:00:05,340 --> 00:00:17,760 Dach Right to concept scripting is all about, as the name suggests, when you insert a script into 4 00:00:17,760 --> 00:00:18,570 another domain. 5 00:00:18,900 --> 00:00:19,250 All right. 6 00:00:19,410 --> 00:00:22,140 That's called cross site scripting. 7 00:00:22,680 --> 00:00:24,620 And that's part of an attack. 8 00:00:25,080 --> 00:00:28,260 And let's understand what exactly it is. 9 00:00:28,260 --> 00:00:32,280 And then we would understand how we can accomplish this attack. 10 00:00:32,370 --> 00:00:32,730 Right. 11 00:00:33,090 --> 00:00:41,250 And understand this with this is one of the most popular hack other than, in fact, skill injection 12 00:00:41,250 --> 00:00:47,970 and many of the vulnerabilities as it has been there in the last top in vulnerability for many years, 13 00:00:47,970 --> 00:00:48,440 in fact. 14 00:00:49,770 --> 00:00:50,820 So let's get started. 15 00:00:50,820 --> 00:00:54,300 The first part is, OK, what exactly it is? 16 00:00:54,300 --> 00:01:00,840 It's a vulnerability that allowed in and that allows an attacker to inject the code into the content 17 00:01:00,840 --> 00:01:03,180 of the outside website. 18 00:01:03,930 --> 00:01:12,360 So this is what if you recall correctly, this is what we have learned in the S.O.P in the video, Supai 19 00:01:12,360 --> 00:01:12,710 as well. 20 00:01:12,720 --> 00:01:16,410 This is what the S.O.P basically blocked, but great for a second. 21 00:01:16,680 --> 00:01:24,960 And so we blocked injecting the code to another site by loading the JavaScript from the website from 22 00:01:24,960 --> 00:01:30,100 the another Web site is not blocked by is not denied by the ISP. 23 00:01:30,570 --> 00:01:38,850 OK, you can act with the S.O.P, you can stop the injection to the NADR website, but you can still 24 00:01:38,850 --> 00:01:43,260 load the website, you can still load the DOA script from the website. 25 00:01:43,620 --> 00:01:48,090 And that's what the that's what not being denied by the European. 26 00:01:48,090 --> 00:01:50,890 Hence crosseyed scripting is possible. 27 00:01:51,840 --> 00:01:52,860 So let's understand. 28 00:01:53,310 --> 00:01:56,640 There are three main crossette scripting. 29 00:01:56,650 --> 00:02:04,080 The first is reflected accessors which is the reflected crosseyed scripting and then we have stored 30 00:02:04,260 --> 00:02:14,550 crosseyed scripting reflected groo scripting is pretty much popular but and when you have to spend a 31 00:02:14,550 --> 00:02:23,220 lot of time an individual user to compromise, where exactly we use it, when, when we want to compromise 32 00:02:23,220 --> 00:02:30,090 multiple users, we want to compromise the user, or maybe we want to get the complete access to the 33 00:02:30,090 --> 00:02:30,630 user. 34 00:02:30,630 --> 00:02:36,060 Or maybe we want to compromise using dad's laptop system, mobile phone or anything. 35 00:02:36,660 --> 00:02:39,870 We make use of carotids going, what is our attack vector? 36 00:02:39,870 --> 00:02:40,980 What is our tool for this? 37 00:02:41,340 --> 00:02:42,660 We just need a website. 38 00:02:43,110 --> 00:02:49,560 We just need people to come to the any any sort of website or maybe compromise website and then they 39 00:02:49,560 --> 00:02:50,550 can launch their attack. 40 00:02:50,760 --> 00:02:51,040 Right. 41 00:02:51,120 --> 00:02:52,820 This is all the start to do with it. 42 00:02:53,220 --> 00:03:00,780 The Reflektor, that is the first matter, which is which is pretty good, but it requires a lot of 43 00:03:00,780 --> 00:03:05,880 attention where you have to compromise a lot of users in order to get the return on your value. 44 00:03:06,100 --> 00:03:07,750 Inward investment, in fact. 45 00:03:08,250 --> 00:03:16,590 Second, as the store exercice and of course, this is what this is what you will learn that the store 46 00:03:16,590 --> 00:03:24,180 exercise is something where although it takes time, but it really has a value on your investment as 47 00:03:24,180 --> 00:03:27,570 a time or money or whatever it is as a hacker. 48 00:03:27,720 --> 00:03:28,070 Right. 49 00:03:28,350 --> 00:03:36,720 And then there is a -- exercice which is a bit more collective and, you know, advances well in 50 00:03:37,080 --> 00:03:37,890 some of the sense. 51 00:03:38,700 --> 00:03:46,740 So this is all three exercice that will be talking about and will be going through each individual crossette 52 00:03:46,740 --> 00:03:53,820 scripting one by one and will be understanding in much more detail the variety of love with it. 53 00:03:53,970 --> 00:03:54,360 All right. 54 00:03:54,870 --> 00:03:56,100 So let's get started. 55 00:03:56,580 --> 00:03:56,970 Thank you.