1 00:00:02,180 --> 00:00:03,030 Hello, everyone.
2 00:00:03,800 --> 00:00:09,350 So in this video, we are going to see an HTML injection onto a live Web site.
3 00:00:10,250 --> 00:00:14,880 So as you already know, what is HTML injection?
4 00:00:15,620 --> 00:00:25,490 We are going to insert our HTML tags into any injection point onto the target application and
5 00:00:25,490 --> 00:00:30,260 if the Web application interprets or executes our tags,
6 00:00:30,440 --> 00:00:34,010 then it is vulnerable to the injection attack.
7 00:00:34,790 --> 00:00:36,050 As you can see over here.
8 00:00:36,380 --> 00:00:43,430 The tags that I have written is the actual tag, the heading one tag in which I have written it as
9 00:00:43,430 --> 00:00:46,510 a heading and heading tag closed.
10 00:00:46,520 --> 00:00:55,850 So I'm going to copy this and I'm going to go on to a website which is online learning Harvard dot edu,
11 00:00:55,850 --> 00:00:59,420 as you can see over here, and there is a search box over here.
12 00:00:59,870 --> 00:01:02,990 So it is considered as my entry point.
13 00:01:03,590 --> 00:01:10,310 As you can see, I'm not able to find any results over here, so I'm going to change the H1 tag to, let's
14 00:01:10,310 --> 00:01:12,920 say, H2 tag and hit enter.
15 00:01:13,640 --> 00:01:16,580 Let's see if it is getting executed or not.
16 00:01:16,580 --> 00:01:18,490 And yes, it got executed.
17 00:01:19,070 --> 00:01:25,880 Now, if I change the tags and if I see if anything changes into the search query.
18 00:01:27,520 --> 00:01:36,940 Let's see this and you can see it got changed, which means the target web application is actually interpreting
19 00:01:36,940 --> 00:01:46,400 and executing whatever has been given as a query, which indicates that this is vulnerable to HTML
20 00:01:46,450 --> 00:01:47,070 injection.
21 00:01:47,560 --> 00:01:56,800 As you can see, when I used H2, H3, H4, it kept on changing the search query that I am entering
22 00:01:56,800 --> 00:01:58,040 into the search box.
23 00:01:58,600 --> 00:01:59,110 All right.
24 00:01:59,870 --> 00:02:06,580 So I have created an image over here, as you can see, and I have posted this onto the target website,
25 00:02:07,570 --> 00:02:17,170 which is my Web site, and I'm going to give the path of that particular image into the entry point,
26 00:02:17,170 --> 00:02:18,030 which is over here.
27 00:02:18,050 --> 00:02:21,580 So I'm going to give this and I'm going to search for it.
28 00:02:21,910 --> 00:02:31,930 And I will see if this Harvard University Web site is able to load the particular image that I have
29 00:02:32,050 --> 00:02:33,970 hosted onto my Web site.
30 00:02:34,300 --> 00:02:38,540 And if it loads it, then this is vulnerable to HTML injection.
31 00:02:39,310 --> 00:02:44,260 Now, if you remember, for this we use the image source tags.
32 00:02:44,740 --> 00:02:53,830 So you can see over here I have used the image source tags, which you can see over here. The entry point
33 00:02:53,830 --> 00:02:56,770 or the injection point is keywords equals to.
34 00:02:57,100 --> 00:02:59,630 And what is the keyword that has been searched for?
35 00:02:59,680 --> 00:03:07,540 It is image source equals to as as accurate x X-ray said upload slash rectified RPG.
36 00:03:08,080 --> 00:03:11,540 And the successful image is getting loaded over here.
37 00:03:12,010 --> 00:03:16,320 So this indicates the website is vulnerable to HTML injection.
38 00:03:16,660 --> 00:03:24,820 And now if this particular URL is being shared with anyone, they may come across this Web page
39 00:03:25,090 --> 00:03:32,410 and they will think like, all right, this website is down and they may get tricked in going to evil
40 00:03:32,440 --> 00:03:33,160 dot com.
41 00:03:33,490 --> 00:03:41,350 And if they go to that particular evil dot com and submit their credentials, then it will compromise
42 00:03:41,350 --> 00:03:44,810 their confidentiality and integrity.
43 00:03:45,310 --> 00:03:50,330 So I have posted the link over here, which we are trying to load.
44 00:03:50,620 --> 00:03:56,310 So this is because it is getting loaded over here and this is how it looks like.
45 00:03:56,740 --> 00:03:58,360 So I hope you guys understood this.
46 00:03:59,050 --> 00:03:59,650 Thank you.