1
00:00:02,840 --> 00:00:09,080
In this lecture and the next few lectures we're going to talk about a vulnerability called XSS.

2
00:00:09,550 --> 00:00:17,690
XSS is short for cross-site scripting. This type of vulnerability allows an attacker to inject JavaScript

3
00:00:17,960 --> 00:00:26,040
into a page. So JavaScript is a programming language, and using this vulnerability an attacker would be

4
00:00:26,040 --> 00:00:34,670
able to execute code written in JavaScript in a certain page, in a website. JavaScript is a client-side

5
00:00:34,670 --> 00:00:35,640
language.

6
00:00:35,780 --> 00:00:43,670
So when the code is executed it will be executed on the client, on the user, on the person who is browsing

7
00:00:43,730 --> 00:00:44,710
the web page.

8
00:00:44,780 --> 00:00:46,700
It's not going to be executed on the server.

9
00:00:46,700 --> 00:00:53,270
So even if your code results in giving you a reverse shell, the shell will be coming from the user

10
00:00:53,270 --> 00:00:57,290
who is browsing the page and it's not going to be coming from the website.

11
00:00:57,290 --> 00:01:03,980
So any code you write in JavaScript will be exploited, or will run, on the target user, on the people who

12
00:01:03,980 --> 00:01:12,710
see the pages, and not on the web server. So the web server is only going to be used as a means of executing

13
00:01:12,710 --> 00:01:14,670
the code or delivering the code.

14
00:01:16,400 --> 00:01:23,530
There are three main types of XSS vulnerabilities: persistent or stored, reflected, and DOM-based.

15
00:01:26,730 --> 00:01:30,310
The stored XSS gets stored in the database.

16
00:01:30,310 --> 00:01:36,490
So the code that you inject will be stored in the database or in the page, so that every time any

17
00:01:36,490 --> 00:01:40,080
person views that page your code will be executed.

18
00:01:41,490 --> 00:01:49,590
In the reflected one the code will only be executed when the target user runs a specific URL crafted

19
00:01:49,650 --> 00:01:51,040
or written by you.

20
00:01:51,120 --> 00:01:56,910
So you'll be manipulating some sort of URL and sending it to a target, and when they run that target,

21
00:01:56,910 --> 00:01:58,140
when they run that,

22
00:01:58,370 --> 00:01:59,840
the code will be executed.

23
00:02:02,430 --> 00:02:07,890
DOM-based results from JavaScript code written on the client.

24
00:02:07,970 --> 00:02:14,510
So the code will actually be interpreted and run on the client side without having any communication

25
00:02:14,510 --> 00:02:16,250
with the web server.

26
00:02:16,250 --> 00:02:22,490
This could be very dangerous because sometimes web servers apply some sort of security filtering

27
00:02:22,670 --> 00:02:24,200
to check for XSS.

28
00:02:24,350 --> 00:02:28,750
But with DOM-based the code never gets sent to the web server.

29
00:02:28,880 --> 00:02:36,300
So the code will be interpreted and run on the web browser without even interacting with the web server,

30
00:02:36,710 --> 00:02:41,040
and these will be present in websites that update their content

31
00:02:41,120 --> 00:02:46,180
without a refresh. So we've all used websites where you put your username for example and it loads in

32
00:02:46,210 --> 00:02:48,960
straight away without having to check with the web server.

33
00:02:49,070 --> 00:02:54,530
Or you put some sort of a string and it does a search without communicating with the web server,

34
00:02:54,680 --> 00:02:57,460
or does something without communicating with the web server.

35
00:02:57,470 --> 00:03:02,820
So if you're able to inject into that then this injection will not be validated.

36
00:03:02,930 --> 00:03:07,490
So it will be executed straight away and bypass all validations.