1
00:00:01,280 --> 00:00:02,029
Welcome back.

2
00:00:02,450 --> 00:00:09,920
Let's see a different example of finding an HTML injection vulnerability. For this, we're going to need

3
00:00:09,920 --> 00:00:13,430
our OWASP virtual machine, so make sure that it is started.

4
00:00:13,920 --> 00:00:18,950
Make sure that you have it started right here and that intercept is turned off.

5
00:00:19,800 --> 00:00:25,530
Now, what we want to do is we want to navigate to the IP address of our virtual machine.

6
00:00:26,800 --> 00:00:30,100
Then we want to navigate to OWASP Mutillidae II.

7
00:00:31,680 --> 00:00:40,920
And you will notice that right here, if we go to OWASP 2013 and A1 Injection, we will have multiple

8
00:00:40,920 --> 00:00:46,440
examples of HTML injection, or should I say multiple practice examples of it.

9
00:00:47,160 --> 00:00:49,830
Let's go to, for example, this one.

10
00:00:49,980 --> 00:00:53,580
Let's go to Injection and then Browser Info.

11
00:00:54,100 --> 00:00:59,910
If I click on that, it will open a page that should be vulnerable to HTML injection.

12
00:01:00,300 --> 00:01:00,690
Right.

13
00:01:01,200 --> 00:01:09,300
But compared to the last example that we saw here, we don't really see any user input that we can use

14
00:01:09,300 --> 00:01:10,350
to inject code.

15
00:01:10,950 --> 00:01:15,130
We can't enter our HTML code anywhere on this page.

16
00:01:15,600 --> 00:01:17,250
So what are we going to do?

17
00:01:17,910 --> 00:01:20,700
Well, let's take a look at the page a little bit closer.

18
00:01:21,510 --> 00:01:27,540
If we take a look at all of the information that we have right here, we're going to notice something

19
00:01:27,540 --> 00:01:32,520
quite familiar to us, which is this user agent string.

20
00:01:33,300 --> 00:01:36,750
It appears to be our user agent.

21
00:01:37,620 --> 00:01:46,500
Now, if we remember, in the HTTP headers there is a User-Agent header that has this information for us.

22
00:01:47,700 --> 00:01:53,640
So could it be that perhaps the User-Agent header is getting reflected on this page?

23
00:01:54,840 --> 00:01:56,280
I mean, we can give it a try.

24
00:01:56,360 --> 00:02:02,320
Let's see what happens once we reload this page while intercept is turned on.

25
00:02:02,520 --> 00:02:08,490
So let's go to our Burp Suite, turn on the intercept, and let's reload this page.

26
00:02:09,120 --> 00:02:15,090
So straight away we get this HTTP request, and this is the same request for this page since we tried

27
00:02:15,090 --> 00:02:15,730
to reload it.

28
00:02:16,230 --> 00:02:23,430
Now, let's compare this information right here, which is the user agent string, with the user agent

29
00:02:23,430 --> 00:02:26,250
string that we got in our HTTP headers.

30
00:02:26,850 --> 00:02:27,690
So here it is.

31
00:02:28,260 --> 00:02:31,210
As we can see, it's pretty much the same thing.

32
00:02:32,010 --> 00:02:39,810
So even though we don't have a user input field on our web page, could we possibly try to inject HTML

33
00:02:39,810 --> 00:02:41,640
code in the User-Agent field?

34
00:02:42,270 --> 00:02:43,510
Well, let's give it a try.

35
00:02:43,830 --> 00:02:53,670
If I delete the current user agent and I type H1 tags and then "test" and then I close the H1 tags, and let's

36
00:02:53,670 --> 00:02:58,800
also, for the purposes of this tutorial, add the underline tags just so we can see whether it will

37
00:02:59,310 --> 00:03:00,580
also underline it.

38
00:03:00,600 --> 00:03:03,440
So if we open the tags, we must also close them.

39
00:03:03,930 --> 00:03:10,560
And once we inject this, hopefully, if it gets reflected on this page, we're going to see "test" written

40
00:03:10,560 --> 00:03:13,590
in heading size one and also underlined.

41
00:03:14,220 --> 00:03:15,140
Let's give it a try.

42
00:03:15,180 --> 00:03:19,020
Let's forward this packet and turn off the intercept.

43
00:03:19,680 --> 00:03:22,560
Go back to the page, and here it is.

44
00:03:23,130 --> 00:03:26,460
We get "test" reflected as HTML code.

45
00:03:27,240 --> 00:03:28,140
How cool is that?

46
00:03:28,440 --> 00:03:35,190
We didn't use any user input field on the page, but we still managed to inject HTML code through HTTP

47
00:03:35,190 --> 00:03:35,670
headers.

48
00:03:36,690 --> 00:03:37,150
Awesome.

49
00:03:37,620 --> 00:03:42,480
This is just another example of HTML injection, and in the next video, we're going to take a look at

50
00:03:42,480 --> 00:03:47,330
an even more interesting example and a more useful example of HTML injection.

51
00:03:47,730 --> 00:03:48,720
See you in the next video.