1
00:00:01,240 --> 00:00:05,120
So let's talk about how to discover these kinds of vulnerabilities.

2
00:00:05,410 --> 00:00:07,700
Very similar to SQL injections.

3
00:00:07,780 --> 00:00:17,710
The way to do this is you browse through your target and try to inject any text box or any URL that

4
00:00:17,710 --> 00:00:19,320
looks similar to this.

5
00:00:19,330 --> 00:00:25,180
So whenever you see URLs with parameters, try to inject these parameters or try to inject into text

6
00:00:25,180 --> 00:00:25,660
boxes.

7
00:00:28,760 --> 00:00:32,080
So let's have a look at a reflected XSS example.

8
00:00:32,090 --> 00:00:38,420
So these are the non-persistent, non-stored vulnerabilities where you have to actually send the code to

9
00:00:38,420 --> 00:00:39,110
the target.

10
00:00:39,230 --> 00:00:43,200
And once the target runs the code it will be executed on their machine.

11
00:00:45,840 --> 00:00:53,060
So let's have a look at our DVWA website and I'm just going to log in

12
00:01:01,450 --> 00:01:08,950
and then we're going to have an example of a reflected XSS. So as you see now you can put your

13
00:01:08,950 --> 00:01:13,840
name here for this text box and it's just going to say hello.

14
00:01:13,840 --> 00:01:16,350
Now this is obviously just an example.

15
00:01:16,520 --> 00:01:19,770
But the idea is you can inject into text boxes.

16
00:01:19,900 --> 00:01:26,050
Also, if you have a look at the URL here you'll see that it's a GET, so you can inject into the

17
00:01:26,080 --> 00:01:27,480
URL as well.

18
00:01:27,820 --> 00:01:29,810
So let me start at the pad

19
00:01:33,010 --> 00:01:40,070
and let's try to inject XSS code on this and see if the code will be executed, or JavaScript code,

20
00:01:40,080 --> 00:01:40,890
sorry.

21
00:01:40,960 --> 00:01:44,650
So what I'm going to use is a very simple script.

22
00:01:45,640 --> 00:01:48,770
So we're using a script and a slash script tag.

23
00:01:48,850 --> 00:01:52,740
Now there are a lot of ways of discovering these kinds of vulnerabilities.

24
00:01:52,750 --> 00:01:54,880
And a lot of ways to bypass filters.

25
00:01:55,000 --> 00:02:01,040
But for now we're just having a look at the basic case where we can inject a normal script and I'm going

26
00:02:01,040 --> 00:02:06,870
to say alert, which is just a function to give an alert, to give a text box.

27
00:02:06,920 --> 00:02:08,570
And I'm going to say

28
00:02:11,610 --> 00:02:12,920
yes.

29
00:02:13,370 --> 00:02:17,630
So I'm going to click on submit and we'll see if this code will be executed.

30
00:02:21,090 --> 00:02:27,420
And as you can see now it's actually executing my code, so instead of saying hello it here it says hello

31
00:02:27,850 --> 00:02:36,280
and my code has been executed and it produced this XSS. So we can do the same here, if you have a

32
00:02:36,280 --> 00:02:37,360
look at the URL.

33
00:02:37,390 --> 00:02:39,180
It actually already did it for us.

34
00:02:40,380 --> 00:02:43,710
But if we look at the URL here, it's just going to be a bit bigger.

35
00:02:43,720 --> 00:02:51,290
There. We can see that the name has been, obviously all of these characters are just HTML

36
00:02:51,310 --> 00:02:52,430
escape characters.

37
00:02:52,700 --> 00:03:00,560
And now if you send this URL to anybody, whoever views that URL, the code will be executed

38
00:03:00,590 --> 00:03:01,560
on their machine.

39
00:03:01,610 --> 00:03:05,520
And it's going to say XSS. So let me show you here.

40
00:03:05,520 --> 00:03:07,640
You can also inject this in the URL.

41
00:03:07,640 --> 00:03:10,350
I just want to show you the whole idea of that.

42
00:03:10,450 --> 00:03:14,860
So we have script, script, XSS

43
00:03:33,490 --> 00:03:36,580
and if I hit enter the code will be executed.

44
00:03:36,580 --> 00:03:43,120
So as I said, we can copy this and send it to a certain person and once they run that code, this code

45
00:03:43,120 --> 00:03:45,150
will be executed on their machine.