1
00:00:00,060 --> 00:00:07,050
Cross-Site scripting, abbreviated as XSS, is one of the most common vulnerabilities of web applications

2
00:00:07,050 --> 00:00:11,010
caused by inadequate input and output validation.

3
00:00:11,160 --> 00:00:17,430
It's an attack in which malicious scripts are injected into otherwise benign and trusted web sites.

4
00:00:18,300 --> 00:00:25,920
XSS attacks occur when an attacker uses a web application to send malicious code, generally in the

5
00:00:25,920 --> 00:00:29,430
form of a browser-side script, to a different end

6
00:00:29,430 --> 00:00:36,840
user. Flaws that allow these attacks to succeed occur when the web application uses input from a user

7
00:00:37,080 --> 00:00:42,360
within the output it generates without validating or encoding it.

8
00:00:42,630 --> 00:00:47,610
An attacker can use XSS to send a malicious script to an unsuspecting user.

9
00:00:48,000 --> 00:00:55,050
The end user's browser has no way to know that a script should not be trusted and will execute the script

10
00:00:55,440 --> 00:00:58,140
because it thinks the script came from a trusted source.

11
00:00:58,530 --> 00:01:04,800
The malicious script can access any cookies, session tokens or other sensitive information retained

12
00:01:04,800 --> 00:01:07,500
by the browser and used within that site.

13
00:01:07,860 --> 00:01:12,030
These scripts can even rewrite the content of the HTML page.

14
00:01:12,450 --> 00:01:15,600
Let's see the details on the different types of XSS

15
00:01:15,600 --> 00:01:22,500
flaws. Reflected XSS is also known as non-persistent XSS.

16
00:01:23,220 --> 00:01:30,120
These types of flaws occur when user input is immediately returned by a web application in an error

17
00:01:30,120 --> 00:01:37,710
message, search result, or any other response that includes some or all of the input provided by the

18
00:01:37,710 --> 00:01:39,900
user as part of the request,

19
00:01:40,170 --> 00:01:46,200
without that data being made safe to render in the browser and without permanently storing the user

20
00:01:46,200 --> 00:01:47,100
provided data.

21
00:01:48,210 --> 00:01:52,080
The attacker prepares the HTTP request and sends it to the victim,

22
00:01:52,350 --> 00:01:57,300
for example in a phishing email. Since the link is to a reliable website,

23
00:01:58,250 --> 00:02:05,780
the victim does not suspect the link and clicks on it. The application sends the output produced

24
00:02:06,080 --> 00:02:13,580
using the input sent by the victim as the response to the user's request, and the code sent in the response is

25
00:02:13,580 --> 00:02:15,920
interpreted in the victim's browser.

26
00:02:17,060 --> 00:02:24,080
So let's see reflected XSS in an example. We'll use Damn Vulnerable Web Application for this

27
00:02:24,080 --> 00:02:24,590
example.

28
00:02:25,540 --> 00:02:32,200
Go to the OWASP Broken Web Applications homepage. You can use the IP address of the OWASP virtual machine,

29
00:02:32,200 --> 00:02:38,530
or if you define a domain name in the /etc/hosts file, you can use that name as well.

30
00:02:38,680 --> 00:02:41,560
Click the Damn Vulnerable Web Application link.

31
00:02:41,860 --> 00:02:48,310
Log into the application using the user/user credentials and go to the XSS reflected page.

32
00:02:48,820 --> 00:02:52,870
So on this page, there is an input field asking the name of the visitor.

33
00:02:53,780 --> 00:02:57,050
When we submit our name, the application says hello.

34
00:02:57,380 --> 00:03:02,720
As you can see, the application produced an output using the user input.

35
00:03:05,050 --> 00:03:07,630
To examine whether the application validates the input,

36
00:03:08,490 --> 00:03:10,950
we submitted input which includes a tag.

37
00:03:11,930 --> 00:03:19,100
The tag is not displayed. There might be two reasons for it: either the tag is sanitized or it's interpreted

38
00:03:19,100 --> 00:03:19,850
by the browser.

39
00:03:20,030 --> 00:03:22,550
So go to the page source and search for the tag.

40
00:03:28,440 --> 00:03:32,100
There it is; the input was not sanitized, really.

41
00:03:35,610 --> 00:03:37,530
Now, try to send some script code.

42
00:03:50,320 --> 00:03:56,950
And the output contains the script, and the script is interpreted by the browser. Since the output is

43
00:03:56,950 --> 00:03:59,470
not stored and just reflected by the server,

44
00:03:59,500 --> 00:04:04,600
the attacker has to convince the victim to click on the link, which will cause the production of the

45
00:04:04,600 --> 00:04:05,560
malicious output.