1
00:00:01,190 --> 00:00:03,860
Hello, everyone, and welcome to this video.

2
00:00:04,640 --> 00:00:12,050
So in this video, we are going to perform an SSRF attack with Jira; also, we are going to see

3
00:00:12,050 --> 00:00:18,230
how we can escalate it and also combine it with XSS attacks.

4
00:00:18,590 --> 00:00:19,040
All right.

5
00:00:19,040 --> 00:00:20,060
So let's quickly start.

6
00:00:20,970 --> 00:00:27,930
So we are going to induce an SSRF in the vulnerable version of Jira, in the vulnerable parameter, and we are going

7
00:00:27,930 --> 00:00:30,470
to exploit it. And what is the vulnerable parameter?

8
00:00:30,480 --> 00:00:32,420
It is consumerUri.

9
00:00:33,570 --> 00:00:40,440
So we are going to use this and perform SSRF, and also we will look at how we can perform XSS with that.

10
00:00:41,830 --> 00:00:47,150
Now, to understand this, here is a very, very simple principle with the help of animation.

11
00:00:47,170 --> 00:00:48,530
So let's understand this.

12
00:00:49,570 --> 00:00:51,540
So here, the first is the attacker.

13
00:00:51,820 --> 00:00:54,920
Second is the vulnerable application, which is example dot com.

14
00:00:55,060 --> 00:00:59,120
And third is the attacker-controlled domain, which is attacker dot com.

15
00:01:00,460 --> 00:01:05,620
So first, the attacker is going to send the request to example dot com, which is a GET request.

16
00:01:05,980 --> 00:01:07,150
The host is example.

17
00:01:07,150 --> 00:01:11,740
And the consumerUri, the vulnerable parameter, says Google dot com.

18
00:01:11,950 --> 00:01:18,490
So the target application sends the response to the attacker and it successfully redirects to Google

19
00:01:18,490 --> 00:01:19,060
dot com.

20
00:01:19,360 --> 00:01:25,630
So we have seen that we are able to induce a third-party request from example dot com to Google dot

21
00:01:25,630 --> 00:01:25,920
com.

22
00:01:26,470 --> 00:01:32,770
Now, in order to achieve XSS, we are going to send a request to attacker dot com slash Estacada

23
00:01:32,830 --> 00:01:39,040
dot html, which contains the successful payload of XSS.

24
00:01:39,340 --> 00:01:45,760
And when it gets the response back to example dot com, it successfully executes the XSS.

25
00:01:46,360 --> 00:01:52,630
So through this technique, the attacker can also perform XSS and steal cookies of other users.

26
00:01:53,760 --> 00:02:01,020
Moving ahead, it is practical time, so let's quickly see how we can do this practical and understand

27
00:02:01,020 --> 00:02:01,370
this.