1
00:00:00,060 --> 00:00:08,100
Now we will discuss the cross-site scripting attack. In an SQL injection attack, an attacker goes after

2
00:00:08,100 --> 00:00:14,380
a vulnerable website to target its stored data, such as user credentials or sensitive financial data.

3
00:00:14,580 --> 00:00:21,180
But if attackers would rather directly target a website's users, they may opt for a cross-site scripting

4
00:00:21,180 --> 00:00:24,670
attack. Similar to an SQL injection attack,

5
00:00:24,960 --> 00:00:31,710
this attack also involves injecting malicious code into a website, but in this case, the website

6
00:00:31,710 --> 00:00:33,600
itself is not being attacked.

7
00:00:33,930 --> 00:00:41,190
Instead, the malicious code the attacker has injected only runs in the user's browser when they visit

8
00:00:41,190 --> 00:00:42,330
the attacked website.

9
00:00:42,330 --> 00:00:46,110
And it goes after the visitor directly, not the website.

10
00:00:46,740 --> 00:00:53,670
One of the most common ways an attacker can deploy a cross-site scripting attack is by injecting malicious

11
00:00:53,670 --> 00:00:57,950
code into a comment or a script that could automatically run.

12
00:00:58,260 --> 00:01:05,520
For example, they could embed a link to a malicious JavaScript in a comment on a blog. Cross-site

13
00:01:05,520 --> 00:01:12,120
scripting attacks can significantly damage a website's reputation by placing the users' information

14
00:01:12,120 --> 00:01:19,280
at risk without any indication that anything malicious even occurred. Any sensitive information a

15
00:01:19,290 --> 00:01:25,920
user sends to a site, such as their credentials, credit card information or other private data, can be

16
00:01:25,920 --> 00:01:32,640
hijacked via cross-site scripting without the website's owners realizing that there was

17
00:01:32,640 --> 00:01:39,510
even a problem in the first place. Let's understand the cross-site scripting attack by this image in five simple

18
00:01:39,510 --> 00:01:40,080
steps.

19
00:01:40,800 --> 00:01:46,470
First of all, the attacker discovers a website having script injection vulnerabilities.

20
00:01:46,770 --> 00:01:54,510
After finding a vulnerable website, the attacker injects a payload into a database with a malicious JavaScript

21
00:01:54,630 --> 00:01:58,160
that steals cookies from their database.

22
00:01:58,830 --> 00:02:05,190
In the third step, the website transmits to the victim's browser the page with the attacker's payload.

23
00:02:05,460 --> 00:02:07,140
Then the victim's browser

24
00:02:07,140 --> 00:02:12,060
executes the malicious script. In step four, after script

25
00:02:12,060 --> 00:02:20,040
execution, the victim sends his cookies to the attacker. In the fifth and the last step, the attacker extracts the

26
00:02:20,040 --> 00:02:25,170
victim's cookie, after which he uses it for session hijacking and his personal use.

27
00:02:26,010 --> 00:02:29,160
In this way, the cross-site scripting attack works.