1 00:00:02,940 --> 00:00:08,830 In this lecture and the next few lectures we're going to talk about a vulnerability called XSS.
2 00:00:09,520 --> 00:00:16,790 XSS is short for cross-site scripting. This type of vulnerability allows an attacker to inject
3 00:00:16,820 --> 00:00:22,480 JavaScript into a page. So JavaScript is a programming language,
4 00:00:22,670 --> 00:00:29,420 and using this vulnerability an attacker would be able to execute code written in JavaScript on
5 00:00:29,420 --> 00:00:35,670 a certain page on a website. JavaScript is a client-side language.
6 00:00:35,720 --> 00:00:43,610 So when the code is executed it will be executed on the client, on the user, on the person who is browsing
7 00:00:43,670 --> 00:00:44,720 the web page.
8 00:00:44,720 --> 00:00:46,670 It's not going to be executed on the server.
9 00:00:46,670 --> 00:00:53,210 So even if your code results in giving you a reverse shell, the shell will be coming from the user
10 00:00:53,210 --> 00:00:56,680 who is browsing the page, and it's not going to be coming from the website.
11 00:00:57,230 --> 00:01:03,920 So any code you write in JavaScript will be exploited, or will run, on the target user, on the people who
12 00:01:03,920 --> 00:01:04,820 see the pages,
13 00:01:04,910 --> 00:01:07,570 and not on the web server.
14 00:01:07,640 --> 00:01:16,020 So the web server is only going to be used as a means of executing the code or delivering the code. There
15 00:01:16,430 --> 00:01:23,490 are three main types of XSS vulnerabilities: persistent or stored, reflected, and DOM based.
16 00:01:26,740 --> 00:01:30,270 The stored XSS gets stored in the database.
17 00:01:30,270 --> 00:01:36,450 So the code that you inject will be stored in the database or in the page, so that every time any
18 00:01:36,450 --> 00:01:45,300 person views that page your code will be executed. In the reflected one, the code will only be executed
19 00:01:45,540 --> 00:01:51,040 when the target user runs a specific URL crafted or written by you.
20 00:01:51,060 --> 00:01:55,260 So you'll be manipulating some sort of URL and sending it to a target,
21 00:01:55,380 --> 00:02:03,240 and when they run that target, when they run that URL, the code will be executed. The DOM based
22 00:02:03,480 --> 00:02:07,710 results from JavaScript code written on the client.
23 00:02:07,920 --> 00:02:14,430 So the code will actually be interpreted and run on the client side without having any communication
24 00:02:14,430 --> 00:02:16,170 with the web server.
25 00:02:16,170 --> 00:02:22,440 These could be very dangerous because sometimes web servers apply some sort of security filtering
26 00:02:22,620 --> 00:02:24,240 to check for XSS.
27 00:02:24,270 --> 00:02:28,800 But with DOM based, the code never gets sent to the web server.
28 00:02:28,830 --> 00:02:36,240 So the code will be interpreted and run on the web browser without even interacting with the web server,
29 00:02:36,660 --> 00:02:41,880 and these will be present in websites that update their content without refresh.
30 00:02:41,880 --> 00:02:47,040 So we've all used websites where you put your username, for example, and it loads in straight away without
31 00:02:47,040 --> 00:02:51,380 having to check with the web server, or you put some sort of string
32 00:02:51,540 --> 00:02:56,280 and it does a search without communicating with the web server, or does something without communicating
33 00:02:56,280 --> 00:02:57,060 with the web server.
34 00:02:57,420 --> 00:03:02,840 So if you're able to inject into that, then this injection will not be validated.
35 00:03:02,880 --> 00:03:07,290 So it will be executed straight away and bypass all validations.
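The three XSS flavours the lecture lists (stored, reflected, DOM based), as an added example that is not part of the lecture or its course material. It models each one in plain Node.js so it runs without a browser: a comment store stands in for the database, a `/search?q=` page stands in for the reflected endpoint, and a fake element stands in for the DOM. The site name `victim.example`, the `/search` and `/welcome` pages, the `#name` fragment and the `<img onerror>` payload are all constructed for the example. The last function shows the point made about DOM XSS above: the request line the server (and any filter in front of it) sees carries the path and query string, never the `#` fragment.

```javascript
// Added example, not code from the lecture. Hypothetical target, pages and payload.

// Constructed attacker input: an <img> whose onerror handler runs attacker JavaScript.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Output encoding for data placed into HTML element content or a quoted
// attribute value: the five characters that can change HTML structure.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Check used below: did the injected <img ...> survive as a real tag?
function containsInjectedTag(html) {
  return /<img\b/i.test(html);
}

// 1. Stored XSS: the comment is persisted, then rendered to every visitor.
const commentStore = []; // stands in for a database table
function storeComment(text) {
  commentStore.push(text);
}
function renderCommentsVulnerable() {
  // Interpolates stored text straight into markup.
  return '<ul>' + commentStore.map((c) => `<li>${c}</li>`).join('') + '</ul>';
}
function renderCommentsSafe() {
  return '<ul>' + commentStore.map((c) => `<li>${escapeHtml(c)}</li>`).join('') + '</ul>';
}

// 2. Reflected XSS: a query parameter from the crafted URL is echoed into the
//    response for whoever opens that URL.
function searchPageVulnerable(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') || '';
  return `<p>Results for ${q}</p>`;
}
function searchPageSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') || '';
  return `<p>Results for ${escapeHtml(q)}</p>`;
}

// 3. DOM-based XSS: the page's own script reads location.hash and writes it
//    into the document. The fake element only records what was written to
//    each sink; a real browser would parse innerHTML as markup and fire onerror.
function makeFakeElement() {
  return { innerHTML: '', textContent: '' };
}
function greetVulnerable(locationHash, el) {
  const name = decodeURIComponent(locationHash.slice(1)); // drop the leading '#'
  el.innerHTML = 'Hello ' + name;   // HTML sink: tags in name become live markup
  return el.innerHTML;
}
function greetSafe(locationHash, el) {
  const name = decodeURIComponent(locationHash.slice(1));
  el.textContent = 'Hello ' + name; // text sink: the tags are displayed literally
  return el.textContent;
}

// What a server-side filter can inspect: the request line carries path and
// query but the fragment is never sent, so the DOM XSS input never reaches it.
function requestLineSeenByServer(pageUrl) {
  const u = new URL(pageUrl);
  return `GET ${u.pathname}${u.search} HTTP/1.1`;
}

function demo() {
  const origin = 'https://victim.example'; // hypothetical target
  const reflectedUrl = `${origin}/search?q=${encodeURIComponent(PAYLOAD)}`;
  const domUrl = `${origin}/welcome#${encodeURIComponent(PAYLOAD)}`;
  storeComment(PAYLOAD);
  console.log('stored    vulnerable/safe:', containsInjectedTag(renderCommentsVulnerable()), containsInjectedTag(renderCommentsSafe()));
  console.log('reflected vulnerable/safe:', containsInjectedTag(searchPageVulnerable(reflectedUrl)), containsInjectedTag(searchPageSafe(reflectedUrl)));
  const hash = new URL(domUrl).hash;
  console.log('dom       vulnerable/safe:', containsInjectedTag(greetVulnerable(hash, makeFakeElement())), makeFakeElement().innerHTML === '' && greetSafe(hash, makeFakeElement()).length > 0);
  console.log('server sees for reflected:', requestLineSeenByServer(reflectedUrl));
  console.log('server sees for DOM      :', requestLineSeenByServer(domUrl));
}

demo();
```

The fix in all three cases is the same idea the lecture's distinction leads to: choose the sink. Data written through `textContent` (or encoded with `escapeHtml` before it is concatenated into markup) is shown as text; data written through `innerHTML` or interpolated raw into the response is parsed as HTML. Note that `escapeHtml` is only correct for HTML element content and quoted attribute values; data placed inside a `<script>` block, an event-handler attribute or a URL needs the encoding for that context instead.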