1
00:00:01,160 --> 00:00:09,560
Before we finish off with the XSS section and the XSS vulnerability, I want to just mention one

2
00:00:09,560 --> 00:00:13,610
thing that we have within our OWASP BWA application.

3
00:00:14,650 --> 00:00:21,640
Now, we do have a lot of these training applications on this virtual machine, but if you scroll a

4
00:00:21,640 --> 00:00:28,440
little bit down, you also have old vulnerable versions of real applications.

5
00:00:29,170 --> 00:00:34,510
And once you finish through this course and you finish all of these vulnerabilities, you can go through

6
00:00:34,510 --> 00:00:41,260
these real world applications that really existed previously and test for real vulnerabilities that

7
00:00:41,260 --> 00:00:42,760
were previously found.

8
00:00:43,420 --> 00:00:50,440
For example, since we are in the XSS section, let's try to find an XSS vulnerability on one

9
00:00:50,440 --> 00:00:51,590
of these applications.

10
00:00:52,480 --> 00:00:56,310
There are many, such as Joomla, AWStats, TikiWiki.

11
00:00:56,740 --> 00:01:01,110
We have WordPress, we have GetBoo and many others as well.

12
00:01:01,780 --> 00:01:04,709
So let's, for example, go with this one.

13
00:01:04,750 --> 00:01:06,280
Let's go with GetBoo.

14
00:01:08,270 --> 00:01:16,130
We have one search bar, we can go through all of these pages right here, but since we are in the XSS

15
00:01:16,130 --> 00:01:19,960
section, this search bar might be interesting for us.

16
00:01:20,360 --> 00:01:28,520
Let's type in test just to see what happens with our input. So we get test written right here.

17
00:01:29,240 --> 00:01:29,800
OK.

18
00:01:30,740 --> 00:01:38,120
But what happens if we, for example, try to inject a simple script?

19
00:01:39,590 --> 00:01:40,220
Let's go.

20
00:01:42,040 --> 00:01:47,440
Hmm, it does get reflected here, but nothing really happens.

21
00:01:47,920 --> 00:01:49,510
Let's take a look at the source code.

22
00:01:50,850 --> 00:01:55,280
Let's once again try to find the alert, and here it is.

23
00:01:55,770 --> 00:01:59,760
Besides there, we also have it right here.

24
00:02:00,240 --> 00:02:02,820
So in two different places.

25
00:02:03,270 --> 00:02:05,280
Let's go with this place first.

26
00:02:05,280 --> 00:02:14,460
So we have open input tag and our script is being added between these double quotes right here inside

27
00:02:14,460 --> 00:02:15,990
of our value parameter.

28
00:02:17,070 --> 00:02:23,640
So what would happen if we were to, for example, type in something right here, for example, test?

29
00:02:23,970 --> 00:02:32,430
Then we manually close the double quotes and then we add the ending HTML sign to end this entire input

30
00:02:32,430 --> 00:02:32,850
part.

31
00:02:33,440 --> 00:02:35,790
And after that, we inject our code.

32
00:02:36,570 --> 00:02:38,550
Let's see if that would work.

33
00:02:39,220 --> 00:02:47,880
Let's go back, delete this and we type in test, for example, then we type in closing double quotes,

34
00:02:48,150 --> 00:02:52,710
then we close the HTML tag and now we run the script.

35
00:02:53,010 --> 00:03:01,300
So let's do it like this: simple open script and close script with the alert function in between.

36
00:03:02,190 --> 00:03:07,290
This is our payload and now if we run it, well, here it is.

37
00:03:07,890 --> 00:03:11,880
We get XSS vulnerability in this application.

38
00:03:12,480 --> 00:03:14,550
Let's just quickly take a look at the code.

39
00:03:16,290 --> 00:03:24,050
To see what happened with our input, here is the input field, and what happened is value is now equal to

40
00:03:24,240 --> 00:03:24,720
test.

41
00:03:25,410 --> 00:03:33,240
As we can see right here, the input, open parameters are getting closed sooner than in real application.

42
00:03:33,240 --> 00:03:36,660
And then we are running the script alert function.

43
00:03:37,850 --> 00:03:43,520
The rest of the code, which belonged to the input function, is getting processed as a regular text.

44
00:03:43,730 --> 00:03:46,890
That's why we have it outputted right here.

45
00:03:47,480 --> 00:03:48,680
So how cool is that?

46
00:03:49,650 --> 00:03:56,760
You can go through these real applications and you can try to search for all of the vulnerabilities

47
00:03:56,760 --> 00:04:00,180
that we covered and see which vulnerabilities you managed to find.

48
00:04:00,690 --> 00:04:04,020
Nonetheless, we have fully covered XSS right now.

49
00:04:04,020 --> 00:04:09,930
And in the next lecture, we're going to start off with another big vulnerability, which is called SQL

50
00:04:09,930 --> 00:04:10,590
injection.