1
00:00:13,090 --> 00:00:19,510
In the last lecture, we had an introduction to what XSS is. In this lecture, we will see different

2
00:00:19,510 --> 00:00:21,070
types of cross-site scripting.

3
00:00:21,730 --> 00:00:27,580
So before studying the types of cross-site scripting, first we will see the actors in an XSS

4
00:00:27,580 --> 00:00:29,050
attack in general.

5
00:00:29,260 --> 00:00:35,110
An XSS attack involves three actors: the website, the victim and the attacker.

6
00:00:35,680 --> 00:00:36,370
The website.

7
00:00:37,190 --> 00:00:41,080
The website serves HTML pages to users who request them.

8
00:00:41,710 --> 00:00:47,420
The website's database is a database that stores some of the user input included in the website's pages.

9
00:00:47,620 --> 00:00:53,360
The victim is a normal user of the website who requests pages from it using his browser.

10
00:00:54,070 --> 00:01:00,100
The attacker is a malicious user of the website who intends to launch an attack on the victim by exploiting

11
00:01:00,100 --> 00:01:02,220
an XSS vulnerability in the website.

12
00:01:02,590 --> 00:01:07,840
The attacker's server is a web server controlled by the attacker for the sole purpose of stealing the

13
00:01:07,840 --> 00:01:09,370
victim's sensitive information.

14
00:01:10,000 --> 00:01:12,310
Let's start with the types of XSS.

15
00:01:13,060 --> 00:01:18,280
Well, the goal of an XSS attack is always to execute malicious JavaScript in the victim's browser.

16
00:01:18,820 --> 00:01:21,910
There are a few fundamentally different ways of achieving that goal.

17
00:01:22,720 --> 00:01:29,830
XSS attacks are often divided into three types: persistent XSS, where the malicious string originates

18
00:01:29,830 --> 00:01:30,010
from

19
00:01:30,010 --> 00:01:36,490
the website's database; reflected XSS, where the malicious string originates from the victim's request;

20
00:01:36,820 --> 00:01:43,800
and DOM-based XSS, where the vulnerability is in the client-side code rather than the server-side

21
00:01:43,810 --> 00:01:44,060
code.

22
00:01:44,890 --> 00:01:49,390
So let's begin with reflected cross-site scripting. In a reflected XSS attack,

23
00:01:49,660 --> 00:01:52,920
the malicious string is a part of the victim's request to the website.

24
00:01:53,680 --> 00:01:59,350
The website then includes this malicious string in the response sent back to the user. In the diagram

25
00:01:59,350 --> 00:02:02,140
on your screen, the attacker crafts a

26
00:02:02,140 --> 00:02:05,530
URL containing a malicious string and sends it to the victim.

27
00:02:06,250 --> 00:02:11,460
Second, the victim is tricked by the attacker into requesting the URL from the website.

28
00:02:11,830 --> 00:02:17,320
Third, the website includes the malicious string from the URL in the response, and fourth,

29
00:02:17,680 --> 00:02:20,050
the victim's browser executes the malicious script

30
00:02:20,050 --> 00:02:24,070
inside the response, sending the victim's cookies to the attacker's server.

31
00:02:24,700 --> 00:02:27,040
So how can reflected XSS succeed?

32
00:02:27,700 --> 00:02:33,880
At first, reflected XSS might seem harmless because it requires the victim himself to actually

33
00:02:33,880 --> 00:02:35,890
send the request containing a malicious string.

34
00:02:36,760 --> 00:02:42,160
Since nobody would willingly attack himself, there seems to be no way of actually performing the attack.

35
00:02:42,280 --> 00:02:48,310
As it turns out, there are at least two common ways of causing a victim to launch a reflected XSS attack

36
00:02:48,310 --> 00:02:49,150
against himself.

37
00:02:50,080 --> 00:02:56,080
If the attacker targets a specific individual, the attacker can send a malicious URL to the victim using

38
00:02:56,080 --> 00:02:59,320
email or instant messaging and trick him into visiting it.

39
00:02:59,650 --> 00:03:04,980
If the attacker targets a large group of people, the attacker can publish a link to the malicious URL

40
00:03:05,350 --> 00:03:09,680
on his own website or on a social network and wait for visitors to click it.

41
00:03:10,360 --> 00:03:13,360
The next is DOM-based cross-site scripting.

42
00:03:14,470 --> 00:03:22,060
DOM-based XSS is a variant of both persistent and reflected XSS. In a DOM-based XSS attack,

43
00:03:22,510 --> 00:03:28,420
the malicious string is not actually parsed by the victim's browser until the website's legitimate JavaScript

44
00:03:28,420 --> 00:03:29,190
is executed.

45
00:03:30,180 --> 00:03:36,870
On your screen, you can see that at number one, the attacker crafts a URL containing a malicious

46
00:03:36,900 --> 00:03:41,170
string and sends it to the victim. At number two, the victim

47
00:03:41,610 --> 00:03:47,610
is tricked by the attacker into requesting the URL from the website. At number three, the website receives the

48
00:03:47,610 --> 00:03:53,760
request, but does not include the malicious string in the response. At number four, the victim's browser

49
00:03:53,790 --> 00:03:59,040
executes the legitimate script inside the response, causing the malicious script to be inserted into the

50
00:03:59,040 --> 00:03:59,400
page.

51
00:04:00,120 --> 00:04:06,450
And at number five, the victim's browser executes the malicious script inserted into the page, sending

52
00:04:06,450 --> 00:04:08,460
the victim's cookies to the attacker's server.

53
00:04:08,880 --> 00:04:14,420
What makes DOM-based XSS different? In a DOM-based XSS attack,

54
00:04:14,820 --> 00:04:17,940
there is no malicious script inserted as a part of the page.

55
00:04:18,550 --> 00:04:23,760
The only script that is automatically executed during the page load is a legitimate part of the page.

56
00:04:24,150 --> 00:04:30,630
The problem is that this legitimate script directly makes use of the user input in order to add it to

57
00:04:30,630 --> 00:04:31,080
the page.

58
00:04:31,470 --> 00:04:38,160
Because the malicious string is inserted into the page using innerHTML, it is parsed as HTML,

59
00:04:38,190 --> 00:04:40,560
causing the malicious script to execute.

60
00:04:41,310 --> 00:04:43,470
The difference is subtle but important.

61
00:04:44,190 --> 00:04:48,720
In traditional XSS, the malicious JavaScript is executed when the page is loaded,

62
00:04:48,960 --> 00:04:55,500
as a part of the HTML sent by the server. In DOM-based XSS, the malicious JavaScript is executed

63
00:04:55,500 --> 00:05:01,200
at some point after the page is loaded, as a result of the page's legitimate JavaScript treating user input

64
00:05:01,410 --> 00:05:09,120
in an unsafe way. The next is stored cross-site scripting. While browsing an e-commerce website,

65
00:05:09,510 --> 00:05:16,140
a perpetrator discovers a vulnerability that allows HTML tags to be embedded in the site's comment section.

66
00:05:16,290 --> 00:05:21,480
The embedded tags become a permanent feature of the page, causing the browser to parse them with the

67
00:05:21,480 --> 00:05:22,710
rest of the source code

68
00:05:23,100 --> 00:05:30,120
every time the page is opened. On your screen, you can see that the attacker sends the XSS payload to the server,

69
00:05:30,570 --> 00:05:38,280
and every time a user sends a request to the server, the XSS gets initiated by the user and hence

70
00:05:38,490 --> 00:05:39,540
the user is hacked.

71
00:05:39,750 --> 00:05:40,850
From the next lecture,

72
00:05:41,160 --> 00:05:44,130
we will start with the practicals of XSS.