00:00:00,270 --> 00:00:14,550
Hello everybody and welcome back. And let us start off with the cross-site scripting attack, which is also, I believe, after the SQL injection, one of the most common attacks found on web applications.

00:00:14,560 --> 00:00:53,400
So what is the cross-site scripting vulnerability? Well, basically your web browser is an interpreter of code which uses HTML and script code for showing documents, including text, pictures and videos, for example. Now what that means is that it basically allows users to interact with dynamic elements, including search fields, hyperlinks, forms, video and audio controls and many others. Now, besides the HTML code itself, there is most likely going to be a script code that allows all of that.

00:00:53,450 --> 00:01:05,780
Now the most commonly used script code would be JavaScript, and it is used to make your website, or basically any website on the Internet, more dynamic.

00:01:05,800 --> 00:01:38,440
Now why am I talking about all of this? Well, basically, when user input is used to determine the script code and the input isn't filtered well enough, you get the cross-site scripting vulnerability. Now what do I mean by that? Well, for example, let's say you have a website. And basically what I mean is, when you click on something or when you type something in, a thing pops up on your screen or moves from left to right on the website, or basically anything that makes a website more dynamic to you.

00:01:38,440 --> 00:01:53,970
That was caused by script code, which can be used to make the cross-site scripting vulnerability work there. It happens when script code is set in a user input field and the browser executes it as code instead of as some kind of data.

00:01:53,980 --> 00:02:26,370
For example, you type in the user input "green" and your screen turns green. It is basically some kind of interaction with the website. And if you type there a script code and the user input isn't filtered, as in the SQL injection and command injection examples, it can be read as the script code. As I said, the mostly used script code is JavaScript, but it can also be some of the other examples, such as VBScript or any other script code.

00:02:26,390 --> 00:02:51,810
Now let me just open Leafpad right here before I continue talking about this, since this is a theoretical part where you need to understand basically what I am saying. So the most common XSS attack, or cross-site scripting. So basically XSS is short for cross-site scripting.

00:02:51,860 --> 00:03:36,540
The most common attack would include something like this: the attacker, which performs the attack; the vulnerable web application; the victim, which uses the browser; and some website that the attacker wants to, for example, redirect to. Let me just make this proper English. So the script can be used to redirect vulnerable websites.

00:03:36,560 --> 00:04:34,370
And it is most commonly what you will see. So for example, when you visit some kind of website, let's say you visit again an online shop for flowers, and you click on a specific link that leads you to that shop, and suddenly you are on some website that sells cars, for example. You will know that it was done with the redirection using, for example, JavaScript. Now since it is a redirect from flowers to cars, it was most likely a part of the attack from some hacker that redirected it to his own website, or to someone's website that paid him to do that. That is the most common thing that you will see, and someone as a victim that uses a browser basically just goes to the web flower shop and suddenly gets redirected to buy cars, which makes no sense at all.

00:04:34,400 --> 00:05:26,250
But it happens. Now, in order for us to show a simple example of cross-site scripting, let's just go to our virtual machine. Let me just close it and open the login page once again. I'm not really sure how it loaded with this IP address, since my OWASP machine is on the one ending in .1.9, but it doesn't matter at the moment. So what we want to do from here: we want to go to the DVWA, the Damn Vulnerable Web Application, once again. And once you go there, it will lead you to the same page that we were on before with the SQL injection and command injection.

00:05:26,280 --> 00:06:05,020
This is loading a little bit slower. Just check out the IP address. I typed the correct one, so let me run ifconfig; that one is .6. It should load any second right now. Oh yeah, I could have my Burp Suite on with the intercept on, of course; I always forget to turn that off. So let us load the page right now. It asks us for a username and password, that is admin/admin; click here on login. And where you want to go is the XSS reflected and XSS stored.

00:06:05,650 --> 00:06:46,970
Now the stored XSS is basically, how they say this: the injected code is saved on the web server or in the database, and the application will show it to every user that visits the page. The goal of stored XSS is to infect every visitor of the website. It is the most dangerous type of XSS. Why is it the most dangerous? Because it is basically an attack on the website itself, and if you send a code, it will be saved on the website, and it will send the same page to everyone who requests that website.

00:06:47,010 --> 00:07:28,940
Now the reason that is dangerous is because you, as for example a victim, could just be visiting that website and run my JavaScript code, and basically I could exploit your browser or anything that I have written in that code right there, or it could be just a simple message that is usually left to let someone know that they're vulnerable to the cross-site scripting attack. Now the reflected XSS: instead of sending the script to the server, as in the stored attack, the reflected attack is a link with JavaScript that we send to the victim. So let me just show you what I mean by that.

00:07:28,940 --> 00:08:23,230
So let us go to the XSS reflected, and as we can see right here, it will ask us "What's your name?". Now this is the example of an interactive web page. So if we type here our name, John, and we submit that, you can see that right here it types "Hello John". Now we can see the source of the code, which of course on normal websites you won't be able to see, but we don't really need it right here. You can test this on any website that you're testing to see if it is vulnerable to the cross-site scripting attack. And that would be simply to type here a script. Let me just: so this arrow, then script, then you close the arrow, then alert, open parenthesis, then an apostrophe,

00:08:23,500 --> 00:09:00,600
and then, for example, let's type here "hello", then close the apostrophe, then of course the parenthesis, then this arrow once again, slash, and then script, and then close this arrow. So if we submit this, you will see that it shows us a window that says hello. And as easy as that, we now know that this page is vulnerable to the cross-site scripting attack, since we were able to send a part of JavaScript code and the page interpreted it as part of the server code.

00:09:04,350 --> 00:09:59,350
So I'm not really sure, let me just go right here and back to here. Yeah, it won't be showing us that once again. So that was the sample, the easy example of the reflected cross-site scripting attack. Now you can do that, you can run some malicious code, but let's use the same code once again. And once you click here submit, you can copy this link right here and send it to anyone. So let's just say, for example, this link, and you send that over an email or over Messenger or any other social media application, and someone clicks on this link. So they go; I will just copy and paste it since I don't have anyone to send it to. And when they click the link, you will notice that it will run the same window for them even though they didn't type anything in here.

00:09:59,360 --> 00:10:34,220
So basically anyone that uses this link will run this JavaScript code within their page. Now this code is not malicious, so it doesn't really do anything, but it could be malicious; for example, it could steal cookies and hijack a session with that. Now you might say, well, this link right here looks really suspicious, and that is true. But there are lots of websites on the Internet that shorten the link or change the link so that you cannot recognize anything in the link itself. So that could be another option.

00:10:34,240 --> 00:10:46,670
Now that's about it for the reflected cross-site scripting attack, and we'll continue with the cross-site scripting in the next lecture. I hope I see you there, and take care, bye.