1
00:00:00,870 --> 00:00:08,670
Hello, everyone, welcome to this video, and we are going to see a practical demonstration of HTML

2
00:00:08,670 --> 00:00:14,660
injection onto a lab website, which is testing dot dot com.

3
00:00:15,390 --> 00:00:21,330
So once you come onto this particular website, you can see here on the left hand side there's a search

4
00:00:21,330 --> 00:00:21,780
button.

5
00:00:22,500 --> 00:00:27,370
And when you go, you will be able to search anything that you type over here.

6
00:00:27,960 --> 00:00:34,950
So, for example, let's say I type "testing for HTML injection" and hit go.

7
00:00:34,950 --> 00:00:39,530
It is getting reflected over here and there is nothing fancy.

8
00:00:39,540 --> 00:00:42,430
It is just simply getting reflected.

9
00:00:43,280 --> 00:00:51,480
Now what if I copy a code which is a general code of image source, as you can see over here.

10
00:00:51,840 --> 00:00:52,920
And what is the source?

11
00:00:53,280 --> 00:00:56,820
The source is from the attacker controlled website.

12
00:00:57,100 --> 00:00:58,670
As you can see, for demonstration,

13
00:00:58,680 --> 00:01:02,940
I have put, as I said, Gardot, X, Y, Z, and into the uploads directory

14
00:01:02,940 --> 00:01:06,000
I have uploaded an image, which is hacked to find out.

15
00:01:07,170 --> 00:01:13,790
So let me just copy this code and paste it over here and hit go, so let's see what happens.

16
00:01:14,460 --> 00:01:22,740
You can see the HTML code is successfully executed and the image is successfully loaded over here,

17
00:01:23,190 --> 00:01:25,060
which should not have happened.

18
00:01:25,500 --> 00:01:34,300
Now, as you can see, it says your website is hacked by hacked off site and kindly go to evil dot com.

19
00:01:34,920 --> 00:01:40,880
Similarly, I have created one more HTML code, so let's copy this and put it over here.

20
00:01:41,310 --> 00:01:48,930
So in this you can see there is an input button, so obviously we are going to get a button, and

21
00:01:49,230 --> 00:01:55,360
we have given on click, which basically means when the button is clicked, location dot href,

22
00:01:55,360 --> 00:02:04,530
which means redirect to evil dot com, and put the button value as "login to a new website", so the victim

23
00:02:04,530 --> 00:02:13,200
will get tricked over here and he will think like the button is for the link to the new website.

24
00:02:13,210 --> 00:02:20,250
And once he clicks on it, he's going to get redirected onto the attacker controlled website, as you can

25
00:02:20,250 --> 00:02:21,360
see over here.

26
00:02:21,810 --> 00:02:28,950
And there can be an exact replica under the attacker's controlled domain or website, through which the

27
00:02:28,950 --> 00:02:36,050
victim will not know that he or she has been redirected to a fake attacker controlled website.

28
00:02:36,630 --> 00:02:40,350
Now you can see there is a button which says login to the new website.

29
00:02:40,350 --> 00:02:46,650
So I'm going to click on this and you can see we have redirected to evil dot com, because that is what

30
00:02:46,650 --> 00:02:48,570
we wrote into our code.

31
00:02:49,380 --> 00:02:54,720
Now, you can do a lot of tweaking with this code.

32
00:02:54,720 --> 00:03:00,570
As you can see over here, I have tried to change the style, in which I have given the height and the

33
00:03:00,570 --> 00:03:08,700
width, as well as I'm giving a color. You can just do these little changes and tweaks

34
00:03:08,700 --> 00:03:16,430
according to the website template, so the victim gets tricked into clicking that particular button.

35
00:03:16,890 --> 00:03:19,650
So here I have used the color green.

36
00:03:19,650 --> 00:03:26,070
You can choose any color you want, according to the website. As you can see, all the

37
00:03:26,070 --> 00:03:27,990
links over here are in blue.

38
00:03:28,020 --> 00:03:30,260
You can choose this blue as well.

39
00:03:30,600 --> 00:03:36,840
So the victim gets tricked into clicking the particular button that you have created.

40
00:03:37,220 --> 00:03:43,080
As you can see, we have also increased the size for the button,

41
00:03:43,080 --> 00:03:44,310
"login to the new website".

42
00:03:44,310 --> 00:03:50,000
And when I click it, I will again get redirected onto the attacker's controlled website.

43
00:03:50,490 --> 00:03:56,720
So this was a very, very basic example or demonstration of HTML injection attacks.

44
00:03:57,150 --> 00:04:05,070
You can follow the PoC and try to identify similar kinds of entry points or injection points into

45
00:04:05,070 --> 00:04:08,490
any target website to find HTML injection.

46
00:04:09,370 --> 00:04:16,530
One more thing I would like to share is, in many cases, whenever you try to sign up onto any target

47
00:04:16,530 --> 00:04:22,560
website, at that particular point of time, when you give your name, the first name and the last name,

48
00:04:22,890 --> 00:04:31,260
there also you can try to input HTML tags, and you must have noticed that you get an email verification

49
00:04:31,260 --> 00:04:37,680
link, or let's say you get a template message which says, "Hi, Rohit, welcome on X, Y, Z website."

50
00:04:38,220 --> 00:04:44,490
At that particular time, with those first name, last name fields, if you give HTML tags and you

51
00:04:44,490 --> 00:04:54,900
see there is an HTML tag getting executed into the email that you have received, it is also an indication

52
00:04:54,900 --> 00:04:59,740
that an HTML injection vulnerability may exist on

53
00:04:59,870 --> 00:05:01,740
that target web application.

54
00:05:02,440 --> 00:05:03,970
So I hope you guys understood this.

55
00:05:04,330 --> 00:05:04,900
Thank you.