1
00:00:02,880 --> 00:00:10,050
Now let's have a look on the medium security level and see if we can inject our code and run JavaScript

2
00:00:10,050 --> 00:00:12,600
code on the target website.

3
00:00:12,620 --> 00:00:18,430
So this is the exploit that we're using, or the payload that we're using.

4
00:00:18,780 --> 00:00:25,190
So I just want to, before I change the security level to medium, I want to show you what the website looks

5
00:00:25,190 --> 00:00:25,430
like.

6
00:00:25,430 --> 00:00:33,750
So if we just right click in here on the hello and go to inspect element. Going to make this a little

7
00:00:33,750 --> 00:00:34,520
bit bigger.

8
00:00:36,400 --> 00:00:42,430
So this will actually show us the source code for this specific part of the web page.

9
00:00:42,490 --> 00:00:49,450
So if we look at it you'll see that we have hello, which is being written automatically by the program,

10
00:00:49,930 --> 00:00:54,130
and the hello is followed by the script that we injected.

11
00:00:54,130 --> 00:01:01,270
So it's being injected exactly the same way that we write it in the text box, which is why it's being

12
00:01:01,270 --> 00:01:08,160
executed on the web page. So we can see script alert XSS and then the script tags close, which is causing

13
00:01:08,170 --> 00:01:11,010
the script to be executed on the page.

14
00:01:11,020 --> 00:01:13,740
Now let's go ahead and increase the security level

15
00:01:17,450 --> 00:01:21,420
and we're going to set it to medium.

16
00:01:21,430 --> 00:01:28,830
Now we're going to go back to the XSS reflected page and I'm going to paste the same exploit that we

17
00:01:28,830 --> 00:01:34,260
used and hit submit, and you'll see that it's not going to work.

18
00:01:34,260 --> 00:01:39,720
Also notice in the low security level we only saw hello and everything here was like we didn't see

19
00:01:39,720 --> 00:01:40,470
anything.

20
00:01:40,470 --> 00:01:42,870
Now we see alert XSS.
21
00:01:43,140 --> 00:01:46,480
So the pop up is not showing up.

22
00:01:46,680 --> 00:01:52,550
And if we look at the code you'll see that the start of the tag and the end of the tag are not being

23
00:01:52,590 --> 00:01:57,840
injected in here, so it's being filtered somehow, because all we see here is just hello and then we can

24
00:01:57,840 --> 00:01:59,500
see the alert XSS.

25
00:01:59,640 --> 00:02:06,320
That's why the code is not being executed, because it's not placed inside the script tags.

26
00:02:06,460 --> 00:02:10,640
This tells us that they probably are using some sort of a filter

27
00:02:10,690 --> 00:02:13,290
to remove the script from here.

28
00:02:13,370 --> 00:02:19,140
Now there are so many ways that you can bypass filters and other types of protection from XSS.

29
00:02:19,220 --> 00:02:25,300
The best resource is a cheat sheet made by OWASP which can be located on the following link.

30
00:02:25,400 --> 00:02:29,260
I'm going to add this link in the resources of this video.

31
00:02:29,450 --> 00:02:32,740
For now I'm actually not going to use anything that's mentioned in the link.

32
00:02:32,870 --> 00:02:38,450
We're just going to do something that's really simple, because I think all they're doing is they're just

33
00:02:38,810 --> 00:02:45,050
looking for this word and they're removing it from the input, so we can use the exact same exploit right

34
00:02:45,050 --> 00:02:45,510
here.

35
00:02:45,770 --> 00:02:52,690
Instead we're just going to do what we used to do with the SQL injection and just capitalize some

36
00:02:52,700 --> 00:02:58,690
of the letters. So we're going to have script, we're going to capitalize it like this, and then I'll capitalize

37
00:02:58,690 --> 00:03:01,290
this one as well, or probably just the R in here.
38
00:03:02,340 --> 00:03:05,520
And then I'm going to inject this in the page

39
00:03:11,060 --> 00:03:17:490
and as you can see now this works, which allows us to bypass the filter used on that website.

40
00:03:17,740 --> 00:03:20,560
Now this is a really, really simple way of exploiting it.

41
00:03:21,830 --> 00:03:28,250
Now some sites actually check for quotes and enable magic quotes, which basically remove the quotes

42
00:03:28,250 --> 00:03:32,990
from the string, from the text that you input, and in a future video we'll see

43
00:03:32,990 --> 00:03:34,920
how we bypass that.

44
00:03:35,040 --> 00:03:37,170
That's also included in the cheat sheet

45
00:03:37,170 --> 00:03:40,690
I'm going to add in the description and the resources.

46
00:03:40,800 --> 00:03:47,220
Also there are a number of nice exploits or payloads that are included in the cheat sheet as well.

47
00:03:47,250 --> 00:03:50,320
For example you can inject stuff as an 8.

48
00:03:50,610 --> 00:03:55,860
You can inject stuff as well as an event, as a JavaScript event.

49
00:03:55,860 --> 00:03:59,880
So when the mouse goes over, that particular payload will be executed.

50
00:04:00,270 --> 00:04:08,100
And you can also inject, you can give an image and give a wrong source, and get the script to run

51
00:04:08,280 --> 00:04:09,480
when there is an error.

52
00:04:09,720 --> 00:04:13,290
Since you're given a wrong source code or source URL for the image,

53
00:04:13,470 --> 00:04:15,370
the code will work anyway.

54
00:04:15,510 --> 00:04:18,020
Let's have a look on this one.

55
00:04:18,030 --> 00:04:20,770
So again we're just going to paste it in here.

56
00:04:21,800 --> 00:04:27,190
And as you can see the code will work here, and all of this is included in the cheat sheet.
57
00:04:27,380 --> 00:04:32,120
And you can go ahead, I'm going to add it in the resources, you can have a look on them and

58
00:04:32,120 --> 00:04:33,000
try them all.
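An added illustration of the filter behaviour the video infers, not code from the video or from DVWA: a Python simulation of a case-sensitive `<script>` blacklist beside proper HTML output encoding, plus a defender-side regression check that reports which constructed sample inputs still carry active markup after each. The filter body, the `Hello ` reflecting page and the sample inputs are assumptions written here for illustration.

```python
import html
import re

# Constructed sample inputs (assumptions, not captured traffic): the plain
# payload pasted first in the video, a mixed-case variant like the one typed
# at the medium level, and an image/onerror variant of the kind the cheat
# sheet lists.
SAMPLE_INPUTS = [
    "<script>alert('XSS')</script>",
    "<ScRipt>alert('XSS')</ScRipt>",
    '<img src="x" onerror="alert(1)">',
]


def naive_blacklist(name: str) -> str:
    """Weak filter: removes only the literal lower-case <script> tag.
    Written here to mirror what the video infers; it is an assumption,
    not DVWA's own code."""
    return name.replace("<script>", "")


def output_encode(name: str) -> str:
    """Hardened alternative: encode for the HTML body context so the browser
    treats the input as text, whatever tag or attribute it contains."""
    return html.escape(name, quote=True)


def render(name: str, sanitize) -> str:
    """The reflecting page: 'Hello ' followed by the (filtered) user input."""
    return "<pre>Hello " + sanitize(name) + "</pre>"


# A tag opener ('<' followed by a letter) is what every sample needs in order
# to execute; a stray closing tag on its own is inert, as the video observes.
_TAG_OPENER = re.compile(r"<\s*[a-z]", re.IGNORECASE)


def leaves_active_markup(filtered_input: str) -> bool:
    """Defender-side check: does the filtered input still open an HTML tag?"""
    return bool(_TAG_OPENER.search(filtered_input))


def survivors(sanitize):
    """Return the sample inputs that still open a tag after sanitize()."""
    return [p for p in SAMPLE_INPUTS if leaves_active_markup(sanitize(p))]
```

The blacklist lets the mixed-case and `<img onerror>` inputs through untouched, while encoding neutralises all three without needing to know any payload in advance.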