So I lied just a little bit. I actually want to cover reflected cross-site scripting first, because it's going to be a tad easier here. So I want to first cover the scoreboard, then I want to cover the methodology, and then we'll talk about the actual reflected cross-site scripting, which, again, Docker is not going to allow us to perform. That's OK. I've got you covered. I'll show you an example of it elsewhere. So here, if we go into our scoreboard, let's take a look at the scoreboard really quick, and we sort down here by cross-site scripting only. We have all of our options. Now we're going to be covering reflected and we're going to be covering stored. OK. So there's classic stored and reflected. You're welcome to go through the rest of these, read the write-up, see what's going on. The one I do want you to focus on for the scope of this course is the DOM cross-site scripting. Guess what? There's an interactive tutorial for this. That's great. It's going to teach you how to do this step by step, and I think it's perfect. So the nice thing here is they give you the payload, or at least the payload on how they want you to start.
So you can copy this payload in, try to use it around the website, and see what's going on. I'm going to go ahead and copy this. Now, what I would do if I were pen testing this website: I would come through here and I would inspect anything and everything that had an input or a parameter. And this is a good place for Burp Suite as well. Burp is pretty good at actually finding reflected cross-site scripting. So again, that crawling aspect and the active scanning aspect are really nice, because it might pick up some of these. But what I'm after is something like, for example, this Banana Juice, and I want to look at the reviews for it. OK, well look, there's a review box here. What if I tried just, you know, placing this in here and submitting it? Well, OK, it's in here, but nothing's happening. Let's close and try to open it up again. Still nothing. And you know, this is a good example of stored. So in terms of stored, right, this is happening on the server. This is now stored on the server, but it's not executing anything for us. That's fine. OK, well, it doesn't work there. Maybe a search bar, you know, maybe I'll come up here and I'll paste it, hit enter, and maybe something will work. What do you know, that worked.
That's DOM-based cross-site scripting. I'm not going to do anything more with it; go read the walkthrough and follow along again. But look at that. That was that easy, right? You can find it that easily. So you can come through and, maybe, you know, there's a complaint form, the About Us photo wall. There are different things. What about in your account, when you go to testing and you say, oh look, I've got a username here, or I've got a URL or something here that I can put? Maybe you want to set a username. Let's set a username. Man, look, they took out part of our code. We had the iframe, I see, but they removed part of it. So it looks like they're filtering stuff here, and we'll talk about that later. But the point that I'm getting at here is that you want to attempt to attack any parameter that you can. OK, so you want to click around. If there's a field you could insert something into, like this, that's a good one. If you come up here and you see something like this, that's a spot. Maybe you want to try it. Or again, if you see, like, remember the reflected example where you saw a question mark, equals? You might want to try that too, where you just enter the iframe and see if you can get it to work. So there are lots of different places here that we can try this.
Now what we're going to do is take a look at something called XSS Game, and what it's going to do is just allow us to practice. So if you go out to the web, and I'm just going to open up a new tab and I will submit this again for you guys, this is the address: xss-game.appspot.com. Go ahead and hit enter. And if for some reason this does not work any longer, then just understand that how this is working, what we're testing for, and why it happens is just as important as actually getting it to execute on your side. So unfortunately, again, we can't execute on Docker for this specific vulnerability. With cross-site scripting, this application itself is kind of weird in the sense that it allows us to have some, depending on the different type we're running. So here, cross-site scripting, and it says Level 1: Hello, world of cross-site scripting. So let's go ahead and just get a pop-up on here. Again, it's a search bar, right? And we're just going to talk about an example. We'll say script alert 1, or alert... yeah, 1, like this, and we'll just say slash script, and we'll give it a go. I'm going to copy that and hit search, and look at that. They went ahead and searched for us, and it gave that pop-up, and we have that question mark.
Query equals here, and you see now that we've got this pop-up, and that's really what a reflected one would look like. OK. You would see it reflected here, and it's going to reflect, and it's not stored anywhere. So if we left and came back to the page, guess what? It's not going to be there. And if we try here, maybe this is looking like a stored one, because this is a comment post, right? We come in here, and it's obfuscated. Well, maybe we're not good enough here to figure it out quite yet. This could be a game that you can definitely come through and play and see what's happening. And let's go again. Maybe this has something for us, but it didn't. So this is just an idea here. You can play these games and see what it looks like. But all we're after is that pop-up, and you've got to see what that looks like. Now, in the next one, it's going to be a little bit more fun and a little bit more engaging, because we actually get to mess around with not only a stored cross-site scripting, but a stored cross-site scripting that we have to think about to actually figure out. So I'll meet you over in the next video, and we'll start talking about stored cross-site scripting. We do a little bit of bypassing, so I'll see you over there.