1
00:00:01,210 --> 00:00:01,930
Welcome back.

2
00:00:02,910 --> 00:00:09,060
Now I want to discuss reflected XSS on our DVWA page.

3
00:00:10,060 --> 00:00:15,670
Now, there we have a certain level of security that we can set, and we're going to take a look at how

4
00:00:15,670 --> 00:00:18,940
we can bypass the medium security level on this page.

5
00:00:20,010 --> 00:00:25,980
The reason we're not covering the high security level is because in the latest updates, the high security

6
00:00:25,980 --> 00:00:29,250
level is said to be impossible to hack.

7
00:00:29,640 --> 00:00:34,730
It's actually set to the correct code as to how secure pages would look.

8
00:00:35,310 --> 00:00:40,980
Let's go to our DVWA. Let's begin with admin and admin.

9
00:00:42,530 --> 00:00:47,380
And here we first want to check what security level we have. Currently we have low.

10
00:00:47,420 --> 00:00:52,910
Let's leave it like that for a moment and let's navigate to the exercise XSS (Reflected).

11
00:00:54,300 --> 00:01:00,390
So we get a simple application. It asks for our name. If we specify "test",

12
00:01:01,340 --> 00:01:08,510
our usual string, it says "Hello test", so we already see it's getting reflected on the page, and it

13
00:01:08,510 --> 00:01:13,130
becomes interesting for us to test for both HTML injection and XSS.

14
00:01:14,350 --> 00:01:24,400
Let's try with a simple alert function, so let's alert "hello" and let's close the script tags.

15
00:01:26,550 --> 00:01:32,400
As easy as that was, we get our alert window popping up right here that says "hello".

16
00:01:33,560 --> 00:01:41,480
OK, awesome, but let's give it a try on the medium level. Will that same example work on this level

17
00:01:41,930 --> 00:01:49,070
if we change it to medium and submit, then navigate back to XSS (Reflected) and type in the same thing?

18
00:01:51,890 --> 00:01:55,250
Close the script tag and submit.

19
00:01:57,030 --> 00:02:01,500
Hmm, we get "Hello alert" and "hello" inside of our brackets.

20
00:02:02,380 --> 00:02:04,540
But where are our script tags?

21
00:02:05,600 --> 00:02:12,200
Well, perhaps they got filtered. By this output, we would assume that they did indeed get filtered

22
00:02:12,200 --> 00:02:13,880
and removed from our input.

23
00:02:14,910 --> 00:02:19,710
If we want to cheat a little bit, we can take a look at the source code that will tell us exactly what

24
00:02:19,710 --> 00:02:24,780
this page is doing in order to filter our input, and for practice that would be a good thing to do.

25
00:02:25,260 --> 00:02:27,270
Let's open up this code.

26
00:02:28,340 --> 00:02:36,710
And if we take a look right here, here is where the filtering happens: we're getting our script tags

27
00:02:36,710 --> 00:02:39,230
replaced with nothing.

28
00:02:40,270 --> 00:02:46,420
Hmm, interesting, but we can't run our JavaScript code without the script tags, so does this mean

29
00:02:46,420 --> 00:02:47,980
that this is a secure input?

30
00:02:48,760 --> 00:02:52,480
Well, not exactly. What if we try to do something like this?

31
00:02:55,270 --> 00:03:05,200
We type in capital letters, script, and then alert "hello", and we close with capital letters, script.

32
00:03:06,040 --> 00:03:07,030
We submit this.

33
00:03:07,920 --> 00:03:15,330
Well, this worked. We only changed the lowercase letters into capital letters, and it managed to bypass

34
00:03:15,330 --> 00:03:24,630
the filters of this page, because by their code they're only replacing lowercase script tags with nothing.

35
00:03:24,990 --> 00:03:28,620
If we type uppercase script tags, then it will work.

36
00:03:30,620 --> 00:03:37,310
So how easy was that? And believe me, many pages have this type of weak filter where they only filter

37
00:03:37,310 --> 00:03:40,660
some things and not all of them. Nonetheless,

38
00:03:40,670 --> 00:03:41,560
thank you for watching.

39
00:03:41,570 --> 00:03:46,940
And in the next video, we're going to take a look at stored XSS on the DVWA page.