1
00:00:00,090 --> 00:00:01,260
All right, welcome back, everyone.

2
00:00:01,290 --> 00:00:05,040
This is Rajneesh, and decision is about cross site scripting.

3
00:00:05,340 --> 00:00:17,760
Dach Right to concept scripting is all about, as the name suggests, when you insert a script into

4
00:00:17,760 --> 00:00:18,570
another domain.

5
00:00:18,900 --> 00:00:19,250
All right.

6
00:00:19,410 --> 00:00:22,140
That's called cross site scripting.

7
00:00:22,680 --> 00:00:24,620
And that's part of an attack.

8
00:00:25,080 --> 00:00:28,260
And let's understand what exactly it is.

9
00:00:28,260 --> 00:00:32,280
And then we would understand how we can accomplish this attack.

10
00:00:32,370 --> 00:00:32,730
Right.

11
00:00:33,090 --> 00:00:41,250
And understand this with this is one of the most popular hack other than, in fact, skill injection

12
00:00:41,250 --> 00:00:47,970
and many of the vulnerabilities as it has been there in the last top in vulnerability for many years,

13
00:00:47,970 --> 00:00:48,440
in fact.

14
00:00:49,770 --> 00:00:50,820
So let's get started.

15
00:00:50,820 --> 00:00:54,300
The first part is, OK, what exactly it is?

16
00:00:54,300 --> 00:01:00,840
It's a vulnerability that allowed in and that allows an attacker to inject the code into the content

17
00:01:00,840 --> 00:01:03,180
of the outside website.

18
00:01:03,930 --> 00:01:12,360
So this is what if you recall correctly, this is what we have learned in the S.O.P in the video, Supai

19
00:01:12,360 --> 00:01:12,710
as well.

20
00:01:12,720 --> 00:01:16,410
This is what the S.O.P basically blocked, but great for a second.

21
00:01:16,680 --> 00:01:24,960
And so we blocked injecting the code to another site by loading the JavaScript from the website from

22
00:01:24,960 --> 00:01:30,100
the another Web site is not blocked by is not denied by the ISP.

23
00:01:30,570 --> 00:01:38,850
OK, you can act with the S.O.P, you can stop the injection to the NADR website, but you can still

24
00:01:38,850 --> 00:01:43,260
load the website, you can still load the DOA script from the website.

25
00:01:43,620 --> 00:01:48,090
And that's what the that's what not being denied by the European.

26
00:01:48,090 --> 00:01:50,890
Hence crosseyed scripting is possible.

27
00:01:51,840 --> 00:01:52,860
So let's understand.

28
00:01:53,310 --> 00:01:56,640
There are three main crossette scripting.

29
00:01:56,650 --> 00:02:04,080
The first is reflected accessors which is the reflected crosseyed scripting and then we have stored

30
00:02:04,260 --> 00:02:14,550
crosseyed scripting reflected groo scripting is pretty much popular but and when you have to spend a

31
00:02:14,550 --> 00:02:23,220
lot of time an individual user to compromise, where exactly we use it, when, when we want to compromise

32
00:02:23,220 --> 00:02:30,090
multiple users, we want to compromise the user, or maybe we want to get the complete access to the

33
00:02:30,090 --> 00:02:30,630
user.

34
00:02:30,630 --> 00:02:36,060
Or maybe we want to compromise using dad's laptop system, mobile phone or anything.

35
00:02:36,660 --> 00:02:39,870
We make use of carotids going, what is our attack vector?

36
00:02:39,870 --> 00:02:40,980
What is our tool for this?

37
00:02:41,340 --> 00:02:42,660
We just need a website.

38
00:02:43,110 --> 00:02:49,560
We just need people to come to the any any sort of website or maybe compromise website and then they

39
00:02:49,560 --> 00:02:50,550
can launch their attack.

40
00:02:50,760 --> 00:02:51,040
Right.

41
00:02:51,120 --> 00:02:52,820
This is all the start to do with it.

42
00:02:53,220 --> 00:03:00,780
The Reflektor, that is the first matter, which is which is pretty good, but it requires a lot of

43
00:03:00,780 --> 00:03:05,880
attention where you have to compromise a lot of users in order to get the return on your value.

44
00:03:06,100 --> 00:03:07,750
Inward investment, in fact.

45
00:03:08,250 --> 00:03:16,590
Second, as the store exercice and of course, this is what this is what you will learn that the store

46
00:03:16,590 --> 00:03:24,180
exercise is something where although it takes time, but it really has a value on your investment as

47
00:03:24,180 --> 00:03:27,570
a time or money or whatever it is as a hacker.

48
00:03:27,720 --> 00:03:28,070
Right.

49
00:03:28,350 --> 00:03:36,720
And then there is a -- exercice which is a bit more collective and, you know, advances well in

50
00:03:37,080 --> 00:03:37,890
some of the sense.

51
00:03:38,700 --> 00:03:46,740
So this is all three exercice that will be talking about and will be going through each individual crossette

52
00:03:46,740 --> 00:03:53,820
scripting one by one and will be understanding in much more detail the variety of love with it.

53
00:03:53,970 --> 00:03:54,360
All right.

54
00:03:54,870 --> 00:03:56,100
So let's get started.

55
00:03:56,580 --> 00:03:56,970
Thank you.