All right, so in the last lecture we talked about it, and for now we're digging into cross-site scripting. And boy, do I have a treat for you guys today. This is going to be awesome. I've got a way to put this: it's going to be absolutely amazing, because you're going to see the entire process from beginning to end. We're not just going to pop an alert box, right? You can understand the impact behind the alert that you typically see in the XSS PoC, or proof of concept.

So let's get down to this. Let's just look at how OWASP defines cross-site scripting. So you can see here that most automated tools can detect XSS, and it's one of the most prevalent issues found in the OWASP Top 10. And when you get to the impact, I think this is the part that confounds most new security researchers and even managers, because for the impact it says you can steal credentials, sessions, things like that. How do you actually do that? Right. Nobody really... I mean, yeah, there are articles online that show you how to do that, but today I'm going to show you how to do it so you can see the true impact behind XSS. And you also see there are different types of XSS. That's right.
Stored, DOM, reflected. And some people have confusion over this. Just think of DOM XSS as using JavaScript against the Document Object Model. So all the elements on a web page, or on all web pages, are defined in a hierarchical structure, and you can manipulate and interact with those elements through JavaScript. Well, DOM access, there's nothing bad about that. But DOM XSS allows an attacker to manipulate the DOM to coerce the victim user into performing an unintended action. But right now we're just going to get into reflected. Stored is usually the highest severity, but I want to keep it simple because this is complicated enough.

All right, so let's just jump right into this. I can barely hold my breath any longer. So here's what we're going to do right now. We are playing the role of the attacker, and the attacker has public access to this website, right? To use that, Kadenbach Darkon. If you haven't seen how we did this in earlier lectures, we set this up so that this is running entirely from our cyber range. This is not a publicly accessible website. OK, and our attacker is Mark Ruffino. All right, this is Mark Ruffino's email address.
He's just using Outlook.com. Now, what are we going to do with Mark Ruffino? Well, first we want to see if this web application is vulnerable to cross-site scripting. And one of the easiest ways to do that is to look for potentially vulnerable sources, like input boxes that are not sanitized. So as an attacker, the first thing I might do is type in, you know, the common alert box, the classic XSS payload, right? And you see nothing happens. And you can see here what's basically happening to it: it's just being URL encoded. But clearly, or at least it appears to be clear, it doesn't appear to be vulnerable to XSS. Or does it? Right. Because if the script tag is actually blacklisted, that might be why this is failing. So we need to think outside the box, you know, as the attacker: how can we bypass any XSS filters? Right. You know, maybe we can try embedding XSS payloads into an iframe attack. Let's try that. So let's go ahead and take this: iframe src equals, and what we'll put in here is JavaScript, and we'll just make it pop the alert, right? Of course, we need to make sure we have our syntax right. I close it up, close it out, and then close out the iframe tag, and look at that.
We just popped it up. Now, most people see this. This is what you usually see. It stops here. It's like, oh, you guys are vulnerable to XSS, all right. And then you write the report and everything's over. No, no, no, no, no, no, no. We're not doing that here. I want you to see why this is bad, why it's really, really, really bad. So check this out, guys. This is working. Remember, we're the attacker. So now we know that this web app is vulnerable to XSS. What we can do is play with this.

OK, so let's go to the attacker's computer real quick. This is actually my host machine, but what we're going to do is SSH into our DigitalOcean droplet. We set this up in earlier lectures, OK? And this is running Kali in the cloud. And then what we're going to do is see if we have Apache listening. And it is running, and you can probably see... but it is listening. Yes, it looks like it is right here, too. All right. So that's a good sign. Now what we're going to do is become root.
And we're going to find any files that were modified today: Apache 2, mtime equal to the last day, and we're going to run that against it. So these files were modified in the last day. Let's just hit this domain up real quick, because if you look you can see the IP address of our droplet is one sixty-five, twenty-two, two, twenty-three. And you can see this IP maps to road bikes dot com. Right. Let's see if we can go to road bikes dot com and trigger an event. So if we go to road bikes dot com you can see the default page, and now if we go back to the log directory, we still don't see... I was hoping to see an access log. That's where we might need to restart Apache. Let's do that: sudo systemctl restart apache2, systemctl status apache2. All right. Let's go back into the access log, right? Nothing there, so we need to get some input in there. Let's go back to this page and see if we can force a request against it. Let me try a different browser in case this is cached. Now I'm on Edge; I was in Chrome. Let's see if I did something. Yes. Now we can see it's 3.9K, and if we tail it, we got some input. Awesome, awesome, awesome, awesome, awesome.
OK, so now what we want to do is basically watch this log, OK, because we're going to try to steal Randy's cookies. We don't know Randy right now; we're the attacker, but we're just setting up our infrastructure. So if we do this, we can say watch. And this will basically watch, or constantly poll, a particular file over and over again so we can see the changes. So if we type watch, the interval, we'll set that to 0.1 seconds. And what do we want to do every 0.1 seconds? /var/log/apache2/access.log. All right. So we're going to tail this. Sweet. Now let's go back here. Let's see if we can weaponize the payload, right? What we want to do is modify this a little bit. So let's take this out of here and open it in Mousepad so we can build out our malicious payload. We need to modify essentially this right here. We don't want to do an alert; instead, we want to send the cookie to us. So what we could do is say, all right, we want the window.location to be the following: http, road bikes dot com, and then we want to put in a fake file. This file does not exist. It doesn't matter that it does not exist on my server.
But I'm putting it here anyway, to make it look legitimate to the victim. It doesn't matter if it exists or not. The server can return a 404, but it's going to send the cookie in this document.cookie JavaScript parameter. Right. That looks good. Copy that. Send it off. Do we get anything? No, we didn't, and we may need to, like, encode it in some way. All right. You can see up here what we're sending, but let's see if we can encode this. What we'll do is grab the malicious payload and Google, like, XSS encoder. Sure, that looks good. Paste in a string, and that's all we care about, and encode. And we'll grab the hex, get rid of that, paste it and send it up now. Look at that. Interesting, this Not Found is from our server. The resource wasn't found. OK, so you can see we did get the request and it came in. Now all we need to do is weaponize a file like a Word document, send it to a victim, get them to execute it, and we should get their cookies if they're logged into the web app as an administrator, which is exactly what we're going to do. So now that we have this in place, let's go and create a document.
Right. LibreOffice download, and we want, not the bleeding edge, we just want something that will work. Linux, yes, we'll get the Debian version since we're running Debian; Kali Linux is based on Debian. So we'll click download and let's get this guy going. All right, save. All right, so let's let this run and then we will install it. All right, the download is done. We should be able to tar this thing out: x to extract, the zip, v to be verbose, and f, the file we want is LibreOffice. cd LibreOffice. And I think we can just go into this DEBS folder: sudo dpkg -i to install star dot deb. Will that work? Basically telling it to install all of the deb files, which is what we want. Right. Right. We want everything. So it looks like it's installed; like, I wasn't sure if that was going to work. So we'll let this install and then we'll come back once LibreOffice is installed. All right. So we've got LibreOffice. LibreOffice is still trying to show up here. There we go. All right, so let's open up Writer. This is kind of like Microsoft Word.
194 00:11:21,030 --> 00:11:21,670 All right, cool. 195 00:11:22,840 --> 00:11:23,640 Don't care about that. 196 00:11:23,810 --> 00:11:25,000 Say hi, Randi. 197 00:11:25,980 --> 00:11:39,200 Please see the below link to activate give you the latest juice shop budgets for twenty twenty one. 198 00:11:39,990 --> 00:11:40,560 Thanks. 199 00:11:43,290 --> 00:11:44,230 Mark, right. 200 00:11:44,910 --> 00:11:46,860 And what will half of the budget's. 201 00:11:48,730 --> 00:11:56,770 There's a link, right, so right click this guy will say, can we insert a link and let's see insert. 202 00:11:58,820 --> 00:12:06,790 Eyeblink, All right, so this year will be our accessors payload and we'll just put it like twenty, 203 00:12:06,800 --> 00:12:10,730 twenty one budget budget. 204 00:12:13,220 --> 00:12:13,760 Apply. 205 00:12:13,910 --> 00:12:16,260 OK, that looks good to me. 206 00:12:16,670 --> 00:12:27,770 Let's save this guy and I'll just name it budgets and we'll save it as a Doc X. if possible. 207 00:12:29,780 --> 00:12:30,400 Can we do that? 208 00:12:30,410 --> 00:12:31,370 That Doc ex? 209 00:12:36,210 --> 00:12:38,550 No, I don't want to go there if I want to use a word. 210 00:12:40,530 --> 00:12:40,800 All right. 211 00:12:40,800 --> 00:12:42,980 So it looks like it's made it very cool. 212 00:12:44,550 --> 00:12:53,560 Now we can close it out, close this out, go back to Mark and we'll compile our email to Randy. 213 00:12:54,630 --> 00:12:55,920 All right, Randy. 214 00:12:59,600 --> 00:13:12,170 Um, juice shop, twenty twenty one twenty twenty two budgets oh, Mandy, I've compiled the latest 215 00:13:12,170 --> 00:13:14,990 budget data for your review. 216 00:13:16,310 --> 00:13:18,140 Please see attached. 217 00:13:19,280 --> 00:13:19,810 Thanks. 218 00:13:21,230 --> 00:13:21,590 All right. 219 00:13:21,590 --> 00:13:23,510 So we're going to go ahead and attach it. 220 00:13:25,200 --> 00:13:27,990 Budget, there it is, more clicks and. 
All right, so it is in our Sent folder. That looks good. Let's pivot over to Randy now, as the victim. Right now, Randy, and you can see Randy is logged into the app as an administrator. OK, this is why it's dangerous to do all of your work in a superuser context. You can see now we've got this email that just came in, right, from Mark Ruffino. Take a look at it. All right. So what do we have? Hello, I have compiled the latest batch of data for your review. Sweet. Let's open this guy up. OK, and we're going to click Enable Editing, you know, because we're just going to trust Mark Ruffino, and we'll just click Juice Shop budget, and you can see that is our payload right there. Right. So Ctrl-click to activate. Let's see what happens. It automatically brings up our browser, and it should immediately invoke the XSS payload and send us Randy's cookie. Right. You can see the Not Found. So that is a good sign for us. Now, Randy might look at this and be like, the site looks kind of broken, I'm not sure what happened. Right. So he's going to write back: Mark,
The link seems to be broken. Can you...? Thanks. All right, so we're going to send it out. And in the meantime, look what happened to the attacker, so step over to the attacker's side. You can see now, what do we have here? It's juicy. It's delicious. We have his cookies. Look at this: cookie consent status, dismiss, token. We have his token. We've got it; all we need to do is paste this into our browser and send it out, and we will become Randy. We've essentially hijacked his session. Right. So we can literally grab this entire thing right here. Right-click, copy. As an attacker, we can essentially go here, Juice Shop, and we can just go and look at the Storage Inspector. See the cookies and see this token, see these values down here? All we need to do is update the continue code and the token with what we received from the victim. And we basically walk in as him. A way to do that would be to use a tool like Cookie Editor, Cookie Editor for Firefox. Right, so you would grab this tool, add it to Firefox. All right.
And then you would go to Juice Shop. You would basically just add these values, and right, continue code, but what is the continue code? Well, we have it, right? Everything is in here. Language, and the percent-encoded parts are just spaces; it's just URL encoded, so we can actually break this down and see the cookie values quite easily. You can see, here's the token; we could simply grab that token and put it in here. Right, take it out, paste it, and save it. And then we're basically on our way.

That's all I have for this guy. I really wanted to show you how dangerous XSS can be. And, you know, obviously it's really important to sanitize your logs properly, escape the fields, you know, make sure that you're not just blindly accepting untrusted user input and then processing it in an unsafe way, because if you do, cross-site scripting can become a reality, which you don't want, obviously. Right. So I hope you guys enjoyed this lecture. The next one, we're going to dig into the next option here, which is insecure deserialization. So I will see you guys in the next lecture when we jump into this scene a little bit. Bye.