1 00:00:04,260 --> 00:00:05,160 Hello, everyone.
2 00:00:05,280 --> 00:00:06,440 Welcome to my course.
3 00:00:07,170 --> 00:00:12,720 In this lecture, you will learn about finding command injection vulnerabilities.
4 00:00:14,940 --> 00:00:26,410 The server that is running an application can be compromised using arbitrary operating system commands.
5 00:00:26,850 --> 00:00:36,900 If there are certain types of web security vulnerabilities, these commands compromise the application
6 00:00:37,380 --> 00:00:39,150 and all its data.
7 00:00:40,020 --> 00:00:50,070 Not only that, an attacker can take advantage of OS command injection vulnerabilities to compromise
8 00:00:50,460 --> 00:01:01,350 other parts of the hosting infrastructure and finally attack other applications related to the compromised
9 00:01:01,620 --> 00:01:02,130 one.
10 00:01:04,050 --> 00:01:05,890 As a penetration tester,
11 00:01:06,270 --> 00:01:15,700 your job is to find whether an attacker can creep into the web server, or rather inject
12 00:01:16,230 --> 00:01:16,630 shell
13 00:01:16,740 --> 00:01:19,230 commands easily.
14 00:01:19,530 --> 00:01:26,630 The attackers use an input point to inject shell commands into the web site.
15 00:01:27,540 --> 00:01:37,290 The web site takes that input; in such cases the targeted site does not suspect anything.
16 00:01:37,860 --> 00:01:47,820 And if there are vulnerabilities, it is in no position to resist those attacks. As a pen tester,
17 00:01:48,420 --> 00:01:55,140 you should also know the difference between OS command injection and code injection.
18 00:01:56,340 --> 00:02:04,440 Code injection allows the attacker to add their own code, which is then executed by the application.
19 00:02:04,860 --> 00:02:07,900 OS command injection does not add code.
20 00:02:08,130 --> 00:02:15,780 Instead, the attacker only extends the default functionality of the application.
21 00:02:16,410 --> 00:02:20,310 The application then executes system commands.
22 00:02:22,240 --> 00:02:33,110 In the case of OS command injection, discovering errors, coding or security loopholes in software,
23 00:02:33,920 --> 00:02:40,490 operating systems or networks is done by fuzz testing.
24 00:02:41,540 --> 00:02:51,650 It attempts to make it crash by inputting a massive amount of data; this is called fuzzing.
25 00:02:53,880 --> 00:03:03,370 Whether the application has vulnerabilities can be determined by fuzzing with command separators
26 00:03:03,660 --> 00:03:04,590 such as
27 00:03:07,730 --> 00:03:20,030 semicolon, double ampersand and pipe. These are common patterns; they may differ from one operating system to
28 00:03:20,120 --> 00:03:20,750 another.
29 00:03:21,800 --> 00:03:26,270 What works on Linux may not work on Windows.
30 00:03:28,870 --> 00:03:31,000 We will do that in a moment
31 00:03:31,120 --> 00:03:32,170 with the help of
32 00:03:33,970 --> 00:03:36,110 Mutillidae,
33 00:03:37,160 --> 00:03:42,620 an intentionally vulnerable web application.
34 00:03:43,370 --> 00:03:48,590 We will look for errors that are related to the operating system.
35 00:03:49,160 --> 00:03:57,290 We will also look for some unusual output in the response in our lab.
36 00:03:57,620 --> 00:03:59,640 Let us open the OWASP
37 00:03:59,710 --> 00:04:04,640 Broken Web Applications and click
38 00:04:06,250 --> 00:04:07,630 Mutillidae.
39 00:04:08,630 --> 00:04:13,490 We will start with the DNS lookup page.
40 00:04:15,060 --> 00:04:16,560 This is the page.
41 00:04:19,590 --> 00:04:21,080 Let us issue commands
42 00:04:21,920 --> 00:04:23,480 separated by
43 00:04:24,950 --> 00:04:28,590 a semicolon in the DNS lookup field.
44 00:04:32,760 --> 00:04:33,120 We
45 00:04:34,170 --> 00:04:36,170 get this output.
46 00:04:37,670 --> 00:04:42,650 Well, the whole directory listing is visible.
47 00:04:45,480 --> 00:04:47,760 The output is quite straightforward.
48 00:04:47,820 --> 00:04:56,990 Furthermore, it assures us that more OS command injections are possible in this application.
49 00:04:59,040 --> 00:05:03,540 Injecting and exploiting malicious commands.
50 00:05:06,000 --> 00:05:16,680 Since most user accounts have permission to execute directory listings by default, we can try to
51 00:05:16,680 --> 00:05:25,140 inject operating system commands such as ls and dir; the first one will execute only on Linux,
52 00:05:25,890 --> 00:05:28,530 and the second one will work on Windows.
53 00:05:29,160 --> 00:05:36,540 These commands will run in the context of the web server user, not a normal user.
54 00:05:38,070 --> 00:05:39,250 Here we are.
55 00:05:39,320 --> 00:05:45,090 It was pretty easy to inject malicious commands into the application
56 00:05:46,150 --> 00:05:47,230 Mutillidae.
57 00:05:48,950 --> 00:05:58,900 We will exploit it by comparing the two responses. A typical, simple request to the server
58 00:05:59,450 --> 00:06:03,810 will give us a response with a certain content length.
59 00:06:05,120 --> 00:06:12,520 However, when we inject malicious commands, the content length becomes longer.