00:00:01,150 --> 00:00:25,620
So let's talk about how to discover these kinds of vulnerabilities; it is very similar to SQL injection. The way to do this is you browse through your target and try to inject into any text box or any URL that looks similar to this. So whenever you see a URL with parameters, try to inject into these parameters, or try to inject into text boxes.

00:00:28,700 --> 00:00:42,850
So let's have a look at reflected XSS as an example. So these are the non-persistent, non-stored vulnerabilities where you have to actually send the code to the target, and once the target runs the code, it will be executed on their machine.

00:00:45,760 --> 00:01:48,670
So let's have a look at our DVWA website, and I'm just going to log in, and then we're going to have an example of a reflected XSS. So as you see now, you can put your name here in this text box and it's just going to say hello. Now this is obviously just an example, but the idea is you can inject into text boxes. Also, if you have a look at the URL here, you'll see that it's a GET, so you can inject into the URL as well. So let me start the d pad, and let's try to inject XSS code on this and see if the code will be executed, or JavaScript code, sorry. So what I'm going to use is a very simple script. So we're using this script and a script tag.

00:01:48,780 --> 00:02:32,860
Now there are a lot of ways of discovering these kinds of vulnerabilities and a lot of ways to bypass filters. But for now we're just having a look at the basic case where we can inject a normal script, and I'm going to say alert, which is just a function to give an alert, to give a text box, and I'm going to say XSS. So I'm going to click on submit and we'll see if this code will be executed, and as you can see now, it actually executed my code. So instead of saying hello Z here, it said hello, and my code has been executed and it produced this XSS.

00:02:34,280 --> 00:03:44,840
So we can do the same here. If you have a look at the URL, it actually already did it for us, but if we look at the URL here, it's just going to be a bit bigger there. We can see that the name has been, well, obviously all of these characters are just HTML escape characters. And now if you send this URL to anybody, whoever views that URL, the code will be executed on their machine and it's going to say XSS. So let me show you here. You can also inject this into your URL; I just want to show you the whole idea of that. So we have script, slash script, XSS, and if I hit enter the code will be executed. So as I said, we can copy this and send it to a certain person, and once they run that code, this code will be executed on their machine.