1
00:00:01,530 --> 00:00:05,460
Okay, now let's have a look at a stored XSS example.

2
00:00:05,550 --> 00:00:08,910
Now the XSS is very similar to our reflected one.

3
00:00:08,910 --> 00:00:13,070
It allows you to inject JavaScript code into the browser.

4
00:00:13,140 --> 00:00:16,410
The code is executed on the people that visit the page.

5
00:00:16,410 --> 00:00:21,730
The only difference is, with the reflected, you have to send the URL to your target.

6
00:00:21,810 --> 00:00:28,730
So the target had to actually click on a URL for the exploit to run, or for the code to run, and in the

7
00:00:29,730 --> 00:00:35,430
stored XSS the code will actually be stored into a database or into the page.

8
00:00:35,430 --> 00:00:41,600
So every time any person runs that page they will see your code and your code will be executed.

9
00:00:41,610 --> 00:00:46,260
So you won't need to interact with any users or send them anything.

10
00:00:46,340 --> 00:00:50,140
Therefore this could be much more dangerous than a reflected XSS.

11
00:00:51,200 --> 00:00:52,970
So let's have a look at this now.

12
00:00:53,090 --> 00:00:59,390
I clicked on the XSS stored here on the left and you have this page, and this page just allows you

13
00:00:59,390 --> 00:01:02,880
to add a message to the system.

14
00:01:02,960 --> 00:01:09,190
So I'm going to call my name as a, we're just going to do a normal test first, and we're going to put

15
00:01:09,190 --> 00:01:17,300
a message at you for example, and then I'm going to sign the guestbook and you can see that they added

16
00:01:17,300 --> 00:01:20,090
a message called message body.

17
00:01:20,110 --> 00:01:25,400
So if you go to here, to another machine.

18
00:01:25,570 --> 00:01:28,270
So this is a different machine to a different place.

19
00:01:28,270 --> 00:01:33,430
And if we go to the XSS stored we can see that there are two entries, so the entries are being loaded

20
00:01:33,430 --> 00:01:38,470
from the database and that they contain the entries in that database.

21
00:01:38,470 --> 00:01:44,950
So if we managed to inject code in here, then any person who runs this page, the code will run without

22
00:01:44,980 --> 00:01:48,000
even having to send that person anything.

23
00:01:48,010 --> 00:01:49,620
So let's try to inject stuff here.

24
00:01:50,460 --> 00:01:56,260
So in this, with my name as a, and I'm going to try to put my code in here, so I'm going to try to inject

25
00:01:56,260 --> 00:01:57,360
into the message.

26
00:01:57,640 --> 00:01:59,550
I'm going to call it a script.

27
00:01:59,710 --> 00:02:04,360
I'm going to use the exact same code, test code, that we used in the previous video, just a message saying

28
00:02:04,360 --> 00:02:05,220
XSS.

29
00:02:05,320 --> 00:02:12,880
Again, very basic code, but it serves for the purposes of this video, and we're going to say it's

30
00:02:15,990 --> 00:02:20,180
XSS and try to sign the guestbook.

31
00:02:20,390 --> 00:02:26,510
And as we can see now I got the XSS here, but the real magic happens when a normal person.

32
00:02:26,510 --> 00:02:30,690
So let's just go home first and let's assume this is just the normal website.

33
00:02:30,710 --> 00:02:36,110
And people just are in and browsing it, and once they're going to go to the guestbook, JavaScript code

34
00:02:36,110 --> 00:02:39,420
will be executed on their system from that website.

35
00:02:39,470 --> 00:02:45,500
So the code is going from that website and it's going to be executed on every person that visits this

36
00:02:45,500 --> 00:02:48,040
page.

37
00:02:48,140 --> 00:02:54,380
Again, we're just showing a proof of concept here; in future videos we'll show how to further exploit this

38
00:02:54,380 --> 00:02:55,330
kind of vulnerable.