1
00:00:01,320 --> 00:00:09,510
In this lesson, we will talk about excess or crosseyed scripting now crosseyed scripting is a type

2
00:00:09,510 --> 00:00:18,600
of security vulnerability typically found in Web applications, and attacker may use excess in order

3
00:00:18,600 --> 00:00:26,970
to inject blindsides scripts into Web pages and attacker may use accesses to bypass access controls.

4
00:00:27,150 --> 00:00:27,530
Right.

5
00:00:28,230 --> 00:00:37,530
An attacker may also use accessors in order to steal cookies or for phishing attacks or for other exploitation

6
00:00:37,530 --> 00:00:38,280
purposes.

7
00:00:38,790 --> 00:00:39,090
Right.

8
00:00:39,720 --> 00:00:43,250
So let's talk about the process of exercise.

9
00:00:44,490 --> 00:00:52,980
First of all, we will find an input parameter and then we will try to access a script in that input

10
00:00:52,980 --> 00:00:53,580
parameter.

11
00:00:54,360 --> 00:01:00,150
Now, what I mean by input barometer, if you visit a e-commerce website, you will find and search

12
00:01:00,150 --> 00:01:02,570
bar to search for the different products.

13
00:01:02,820 --> 00:01:06,440
So we will try to run accessors on that search bar, OK.

14
00:01:06,930 --> 00:01:14,930
And if we succeed, then there may be chances that there is excess vulnerability on that Web page.

15
00:01:15,390 --> 00:01:22,260
And to make sure we will move on to the next step, which is try to inject JavaScript code into that

16
00:01:22,260 --> 00:01:29,160
input parameter, and if we succeed, then make sure there must be an excess vulnerability.

17
00:01:29,250 --> 00:01:33,360
OK, so we will go for the exploitation using access.

18
00:01:33,780 --> 00:01:38,300
OK, now let's talk about the types of excesses.

19
00:01:38,310 --> 00:01:41,150
So there are military type of crosseyed scripting.

20
00:01:41,670 --> 00:01:48,760
The first is restricted access, which is a most common vulnerability found in web applications.

21
00:01:49,620 --> 00:01:54,030
The other one is stored exercice and the third one is don't based exercice.

22
00:01:54,570 --> 00:01:57,150
Don't worry, we will talk about all of them in detail.

23
00:01:57,150 --> 00:01:58,130
Incoming lectures.

24
00:01:59,310 --> 00:02:03,940
Now, I hope you all heard about a word bug bombi.

25
00:02:04,380 --> 00:02:07,350
So Bug means finding weakness in a website.

26
00:02:08,070 --> 00:02:14,790
And if the venue reported back to the owner of the website, then maybe the company or the person will

27
00:02:14,790 --> 00:02:16,550
provide you a reward in return.

28
00:02:16,590 --> 00:02:19,140
So the reward you earn is the bounty.

29
00:02:19,500 --> 00:02:28,830
OK, so I will show you what kind of genuine websites will help you to earn bounty by hunting.

30
00:02:29,730 --> 00:02:38,550
OK, now I'm not providing any kind of earning guarantee, but my aim is to show you or to make you

31
00:02:38,550 --> 00:02:46,920
aware about the fact that you can also earn money by finding bugs or finding weaknesses in Web applications.