1
00:00:01,520 --> 00:00:07,610
So the scan is over now and you can see on the left here you have our website clicking on it will show

2
00:00:07,610 --> 00:00:10,050
you some results of the spider web.

3
00:00:10,050 --> 00:00:13,260
It was looking for the files.

4
00:00:13,440 --> 00:00:16,640
The very interesting part is the alerts here.

5
00:00:16,680 --> 00:00:23,480
Right here you can see all the vulnerabilities that have been discovered on the left here you can see

6
00:00:23,480 --> 00:00:25,540
that we have seven red flags.

7
00:00:25,550 --> 00:00:28,760
So these are the high priority alerts.

8
00:00:28,820 --> 00:00:34,670
We have three orange flags and five yellow flags and zero blue.

9
00:00:35,030 --> 00:00:39,360
So these are organized in the order of their severity.

10
00:00:41,760 --> 00:00:48,180
Clicking on any of these categories will expand that and show the threats that have been filed related

11
00:00:48,180 --> 00:00:49,500
to that threat.

12
00:00:49,620 --> 00:00:58,570
For example clicking on the path traverse of you'll see all the or else that can be exploited to read

13
00:00:58,570 --> 00:01:00,890
files from the server.

14
00:01:01,130 --> 00:01:08,600
Clicking on any of these you'll see the city pier of course that was sent in order to discover this.

15
00:01:08,650 --> 00:01:09,960
You'll see the response.

16
00:01:10,100 --> 00:01:15,430
That's why the tool thinks that this is vulnerable and we can see that and the response that it was

17
00:01:15,430 --> 00:01:23,410
able to get the contents of it is password right here you can see the door out that the tool used to

18
00:01:23,410 --> 00:01:26,850
exploit this vulnerability.

19
00:01:26,940 --> 00:01:33,380
And here you can see a description of what the current vulnerability is and how it has been exploited.

20
00:01:37,390 --> 00:01:38,950
And here you can see the risk of it.

21
00:01:38,950 --> 00:01:40,810
So this is very high.

22
00:01:40,810 --> 00:01:46,620
You can see the confidence of how confident the tool about the existence of this vulnerability.

23
00:01:47,080 --> 00:01:53,740
You can see that it's been injected into our page and the attack is trying to get it issued password

24
00:01:55,190 --> 00:02:01,390
so let's try it and right click on this and open it and browser.

25
00:02:01,570 --> 00:02:07,630
And as you can see now it exploited it for us and it showed us the output for this vulnerability.

26
00:02:07,750 --> 00:02:13,040
And we can read the content of it is the password and you can see that the exploit is being exploited.

27
00:02:13,060 --> 00:02:17,890
And this you out right here let's have a look at another example.

28
00:02:21,690 --> 00:02:23,690
For example or cross-site scripting.

29
00:02:24,060 --> 00:02:28,540
And again the tool also checks for post and get parameters.

30
00:02:28,560 --> 00:02:34,870
So sometimes when the parameter when the injection is sent into text boxes or even sent without X-boxes

31
00:02:34,880 --> 00:02:38,540
if it's sent a post parameter you won't see it in the or out.

32
00:02:38,580 --> 00:02:45,090
So it actually checks for post and death and you can see here it found a vulnerability in a post request

33
00:02:45,270 --> 00:02:51,350
and the register page and it also found one in a page.

34
00:02:51,350 --> 00:02:58,930
Again right click and open browser will execute it for us and we can see the code has been executed.

35
00:02:59,300 --> 00:03:04,040
Again we can have the or all of the execution right here if you want to use it with before any other

36
00:03:04,040 --> 00:03:07,560
tools and we can see it in here as well.

37
00:03:07,620 --> 00:03:14,760
You are Albats we use to exploit this vulnerability let's just have one more example of an skill injection

38
00:03:18,590 --> 00:03:19,190
again.

39
00:03:19,310 --> 00:03:23,960
Click on and it will show you why it believes that there is an obscure injection here

40
00:03:28,650 --> 00:03:34,410
it will show with your help and it will show you the fact that he used a used and one equals one

41
00:03:38,160 --> 00:03:40,490
and it's in the parameter password.

42
00:03:40,650 --> 00:03:47,440
And if you remember we actually did exploit this parameter often in this in the browser will show us

43
00:03:47,440 --> 00:03:53,080
that the injection has been is working and it's using their username and password codes up

44
00:03:56,610 --> 00:04:01,260
so that all is very simple very powerful and very useful.

45
00:04:01,290 --> 00:04:07,770
You can play around with it you can play around with the proxy and with the options and see how you

46
00:04:07,770 --> 00:04:11,370
can enhance the results and achieve even better results.