1 00:00:10,530 --> 00:00:17,490 Let us continue with XSS attacks. In the previous two videos, we saw how to exploit the cross-site
2 00:00:17,490 --> 00:00:21,150 scripting vulnerability at a low level and medium level attack.
3 00:00:21,550 --> 00:00:28,950 But in this lecture, we will see the exploitation of XSS at a high level, and this level of security
4 00:00:28,950 --> 00:00:31,350 you can expect in real websites.
5 00:00:32,070 --> 00:00:37,120 But before moving to that, we should have a brief knowledge of JavaScript events.
6 00:00:38,160 --> 00:00:40,800 Now, what are the events? Events
7 00:00:40,800 --> 00:00:44,010 are actions or occurrences that happen in the system.
8 00:00:44,610 --> 00:00:50,640 In the world of programming, HTML events are something that happens to the HTML elements.
9 00:00:51,120 --> 00:00:56,310 But when JavaScript is used in HTML pages, it can react to these events.
10 00:00:56,790 --> 00:01:02,850 In this article, we will see what are the different types of events in JavaScript and how do they work,
11 00:01:02,850 --> 00:01:04,530 in the following sequence.
12 00:01:06,030 --> 00:01:07,170 So what are events in JavaScript?
13 00:01:08,830 --> 00:01:13,810 JavaScript has events that provide a dynamic interface to the page.
14 00:01:14,440 --> 00:01:21,220 These events are connected to elements in the form of the document object model, that is, the DOM.
15 00:01:22,470 --> 00:01:30,570 Also, these events by default use the bubbling propagation that has appeared in the DOM, from children
16 00:01:30,570 --> 00:01:31,320 to parent.
17 00:01:32,820 --> 00:01:36,390 What are the different types of events in JavaScript?
18 00:01:37,630 --> 00:01:42,860 There are different types of events in JavaScript that are used to react to events.
19 00:01:43,750 --> 00:01:48,310 Now we will have a look at the following events: onclick.
20 00:01:48,460 --> 00:01:49,540 What is an onclick
21 00:01:49,540 --> 00:01:56,800 event? The onclick event is a mouse event and provokes any logic defined
22 00:01:56,800 --> 00:02:00,040 if the user clicks on the element it is bound to.
23 00:02:01,870 --> 00:02:11,200 Now we'll have, that is, onerror. The onerror event is an event which reacts when there is some error
24 00:02:11,410 --> 00:02:18,160 that happened in loading the Web page or understanding the message supplied by the user, which means that
25 00:02:18,160 --> 00:02:22,750 whenever an error message is passed, the event will get executed.
26 00:02:24,190 --> 00:02:28,150 Then the onclick event: we have seen the onclick event.
27 00:02:30,020 --> 00:02:39,050 Onload event. The onload event is invoked when an element is loaded completely, so the function of these events
28 00:02:39,200 --> 00:02:47,150 is, whenever something happens, then the event is generated. For example, on load, the onload
29 00:02:47,150 --> 00:02:53,270 event is evoked when something, or the program, or the Web page is loaded completely.
30 00:02:54,280 --> 00:03:01,720 Onblur event, onchange event, onplay event, onkeypress event. Now, what is the onkeypress event?
31 00:03:02,020 --> 00:03:10,540 In the onkeypress event, something happens when the value or the script is changed.
32 00:03:10,640 --> 00:03:15,190 So an example of the onclick event is onkeypress.
33 00:03:15,340 --> 00:03:23,290 It basically triggers when a key is pressed and released, so attackers can make use of such events to
34 00:03:23,290 --> 00:03:24,810 generate and hack systems.
35 00:03:24,820 --> 00:03:33,280 For example, if he writes JavaScript saying that whenever a user presses the letter S on the keyboard,
36 00:03:33,460 --> 00:03:36,260 this event will take them to the malicious website.
37 00:03:36,580 --> 00:03:44,800 So when, let's say, a person called Sam typed his name, and whenever he presses S and releases it, the
38 00:03:44,800 --> 00:03:48,760 hacker probably has inputted that on key press,
39 00:03:49,060 --> 00:03:51,190 take the user to the malicious website.
40 00:03:51,520 --> 00:03:54,820 Sam will directly get directed to the malicious websites.
41 00:03:55,240 --> 00:04:01,390 In these ways, these JavaScript events are also used to exploit XSS vulnerabilities.
42 00:04:01,810 --> 00:04:05,260 Let us see how these events are used now.
43 00:04:05,500 --> 00:04:12,340 Log in to your machine and start the DVWA which we have already installed in the machine.
44 00:04:13,060 --> 00:04:16,510 We will not use the machine this time.
45 00:04:16,510 --> 00:04:22,840 Also, let us see how to exploit the JavaScript XSS vulnerability at the high level.
46 00:04:26,570 --> 00:04:33,170 So right now, I'm in my Linux machine, and you have to go to the security level and set the security
47 00:04:33,170 --> 00:04:38,120 level to high, click submit, and then let us try XSS reflected.
48 00:04:39,170 --> 00:04:45,350 Now, here it is asking us to exploit the vulnerability. Now, since we know that this is a high vulnerability,
49 00:04:45,540 --> 00:04:46,880 we won't keep on trying.
50 00:04:46,880 --> 00:04:55,550 The injection: we'll try the previous script that we had inserted, that is XSS alert, and in which the
51 00:04:55,550 --> 00:04:57,520 characters are in order.
52 00:04:57,530 --> 00:04:59,960 So let's click submit, and there you go.
53 00:05:00,360 --> 00:05:05,210 It has removed all the script characters. Before moving on, and before
54 00:05:05,810 --> 00:05:08,180 telling you what is the exact line,
55 00:05:08,180 --> 00:05:10,400 I would first like to review the code.
56 00:05:11,640 --> 00:05:20,670 So this is how the code looks like now. What it is saying, so you can see: get input, replace that
57 00:05:20,880 --> 00:05:29,400 argument, replace slash, open bracket, everything, everything with a dash.
58 00:05:30,120 --> 00:05:33,910 So you can see it is literally not.
59 00:05:33,930 --> 00:05:38,110 What is the exact meaning? If you can see, this is dot.
60 00:05:38,130 --> 00:05:43,240 So if the input or the code finds that there is a backslash, it will remove it.
61 00:05:43,680 --> 00:05:48,660 Now here the bracket starts, opening bracket here, and there is no closed bracket.
62 00:05:48,660 --> 00:05:55,040 And that is why in our output we got here the closed bracket, because it wasn't removing that bracket.
63 00:05:55,500 --> 00:06:03,420 So if you go to the code again, dot s, which means everything after small s should be completely
64 00:06:03,420 --> 00:06:03,930 erased.
65 00:06:04,740 --> 00:06:08,250 Everything after S should be completely erased.
66 00:06:09,150 --> 00:06:13,740 Everything before and after C should be completely erased, no doubt.
67 00:06:13,740 --> 00:06:17,910 And star stands for basically everything.
68 00:06:18,120 --> 00:06:19,440 Everything should be removed.
69 00:06:19,440 --> 00:06:22,170 And that is why it removed the script
70 00:06:22,230 --> 00:06:22,770 also.
71 00:06:23,970 --> 00:06:31,590 But how do I bypass this now? And that is why we have seen the theory of the onclick event. Now in this case,
72 00:06:31,600 --> 00:06:37,400 we are going to use the onerror event to load an image whose address is not specified.
73 00:06:37,680 --> 00:06:40,260 So I will take the code and will type
74 00:06:41,820 --> 00:06:42,540 image,
75 00:06:43,730 --> 00:06:45,920 src is equal to x,
76 00:06:47,400 --> 00:06:48,060 on
77 00:06:49,540 --> 00:06:52,990 error is equal to alert
78 00:06:56,560 --> 00:06:58,690 document dot cookie,
79 00:07:00,190 --> 00:07:01,700 and then I will close the tag.
80 00:07:02,070 --> 00:07:04,650 Now, what does this code mean?
81 00:07:05,140 --> 00:07:10,720 So what I'm trying to do here is, I'm trying to load the image here, OK?
82 00:07:10,720 --> 00:07:11,760 I'm trying to load an image.
83 00:07:12,040 --> 00:07:15,660 Now, you would point out that it will remove this.
84 00:07:16,060 --> 00:07:17,590 OK, OK, let it remove.
85 00:07:17,600 --> 00:07:21,410 But I will say it won't remove, because it is only doing it for script.
86 00:07:21,820 --> 00:07:28,180 So what I'm trying to do here is, I'm trying to load an image whose source I haven't defined, OK, whose
87 00:07:28,180 --> 00:07:34,140 source is x, which means nothing, and therefore the code will generate an error.
88 00:07:34,780 --> 00:07:40,680 But what I'm generating in place of the error is alert document dot cookie.
89 00:07:41,140 --> 00:07:46,570 Now I am expecting that after generating this error, I would get to know the document cookie,
90 00:07:46,570 --> 00:07:50,040 that is, the session. I will hit submit, and there you go.
91 00:07:50,350 --> 00:07:58,660 We have the PHP session ID. So basically you can see the image is not loaded, and therefore find
92 00:07:58,660 --> 00:08:03,930 the image did not load because the code did not find the correct address.
93 00:08:04,240 --> 00:08:07,800 And since there was no address, the system thought that it is an error.
94 00:08:08,020 --> 00:08:11,750 But what we had told it: on error, generate an alert.
95 00:08:12,130 --> 00:08:15,850 Therefore the XSS vulnerability is successfully exploited.
96 00:08:16,660 --> 00:08:23,380 Now, this is the major trick used by security experts when they are trying to identify XSS vulnerabilities
97 00:08:23,650 --> 00:08:31,330 in real websites, because real websites are secured with maximum sanitisation of the input and maximum
98 00:08:31,330 --> 00:08:31,930 encoding.
99 00:08:32,350 --> 00:08:34,680 Now here we typed the image.
100 00:08:34,690 --> 00:08:42,190 Now, applications like Amazon, Flipkart, they also remove the image also, because they know that users
101 00:08:42,400 --> 00:08:43,580 are tricked into this.
102 00:08:43,630 --> 00:08:47,970 So there comes your knowledge of utilising script.
103 00:08:47,980 --> 00:08:52,390 You can encode the entire thing in URL encoding and send it via URL.
104 00:08:52,390 --> 00:08:58,000 You can see that it is also in the URL; what we have sent is also in the URL.
105 00:08:58,780 --> 00:09:05,890 So you can completely encode the script in URL encoding, which we had seen in the episode, if you remember,
106 00:09:06,160 --> 00:09:12,400 and then send it via URL, or you can capture the request, then into the script you can apply a hex
107 00:09:12,400 --> 00:09:14,910 encoding, you can apply binary encoding.
108 00:09:15,220 --> 00:09:17,710 So basically it depends upon how you do it.
109 00:09:18,010 --> 00:09:24,430 It is right now not possible in any of the ethical hacking courses to show each and every step, because
110 00:09:24,550 --> 00:09:30,500 the thinking of each and every attacker or cybersecurity expert should develop on yourself.
111 00:09:31,390 --> 00:09:33,340 This was all for cross-site scripting.
112 00:09:33,340 --> 00:09:40,690 I hope you have a clear idea. Before quitting this, before leaving this lecture, let us shift the security
113 00:09:40,690 --> 00:09:43,810 to impossible and then check the code, what they have.
114 00:09:44,910 --> 00:09:45:490 And set it.
115 00:09:45,630 --> 00:09:47,040 Let's check the code here.
116 00:09:48,880 --> 00:09:56,470 You can see they have checked the token, and this is the major trick: the source code is now checking
117 00:09:56,470 --> 00:09:57,780 the token of the user.
118 00:09:57,790 --> 00:10:04,510 So suppose Sam logs in and his token is still alive, and an attacker logs in and tries to exploit and get
119 00:10:04,510 --> 00:10:09,380 the token. The server will say that, hey man, your token is different than Sam's.
120 00:10:09,430 --> 00:10:11,260 I can't give you his token.
121 00:10:11,680 --> 00:10:15,140 This is why this attack is prevented in the impossible level.
122 00:10:15,280 --> 00:10:19,120 Well, I hope you have an idea of how this works.
123 00:10:19,540 --> 00:10:27,130 From the next lecture, we will see different countermeasures to prevent the attacks, and then we will
124 00:10:27,130 --> 00:10:29,830 move on to cross-site request forgery.
125 00:10:30,340 --> 00:10:31,720 Again, a humble request.
126 00:10:31,720 --> 00:10:37,000 If you are really liking this course, please write a review for the course, because it will really motivate
127 00:10:37,000 --> 00:10:38,910 us to bring more courses.
128 00:10:38,920 --> 00:10:43,570 We have more courses in our mind which will really help you to ease your interviews.
129 00:10:43,940 --> 00:10:47,650 So if you are really loving the course, you just have to write a review and a rating.
130 00:10:47,920 --> 00:10:48,580 That's it.