1
00:00:00,870 --> 00:00:05,820
So initially, we're going to take a look at another article that is actually HTML injection, so this

2
00:00:06,480 --> 00:00:14,260
injection arises when the user input is not properly filtered or it's unsanitized input just happening

3
00:00:14,280 --> 00:00:16,020
to the, uh, something.

4
00:00:16,020 --> 00:00:19,820
And it is rendered by the browser attached to an element.

5
00:00:20,370 --> 00:00:24,400
So this is a simple, uh, whichever form I have written.

6
00:00:24,600 --> 00:00:26,970
So this is the submit feedback can see.

7
00:00:26,970 --> 00:00:28,240
Please enter your feedback.

8
00:00:29,160 --> 00:00:30,570
So let me open this.

9
00:00:32,810 --> 00:00:36,050
So this is the form you can see your name.

10
00:00:36,070 --> 00:00:41,780
We should control them and the end, the feedback and upon submission you will get something.

11
00:00:42,170 --> 00:00:44,920
So here what it does is a one submission.

12
00:00:44,930 --> 00:00:49,140
It will it will tell the, uh, thanks for your submission.

13
00:00:49,160 --> 00:00:49,990
My username.

14
00:00:50,000 --> 00:00:51,710
I have entered the user username.

15
00:00:52,340 --> 00:00:54,300
So this is the enter your name.

16
00:00:54,500 --> 00:00:59,780
This is the input I have given him and the feedback for this feedback.

17
00:00:59,810 --> 00:01:04,580
And upon clicking this button this way, function from the JavaScript will get to do good.

18
00:01:04,970 --> 00:01:12,290
I have written this right here in the script, as you guys can see first the in the document not determined

19
00:01:12,290 --> 00:01:13,680
by name, but value.

20
00:01:13,820 --> 00:01:14,960
So we are getting the name.

21
00:01:15,380 --> 00:01:18,140
What we are to put in this text works into this variable.

22
00:01:18,140 --> 00:01:18,710
Name one.

23
00:01:19,010 --> 00:01:23,870
And then what we're going to do is we're going to set this paragraph to this.

24
00:01:23,870 --> 00:01:24,170
Right.

25
00:01:24,320 --> 00:01:27,160
Thanks for your feedback, plus the reviews.

26
00:01:27,860 --> 00:01:32,480
So let me show you Nicole and the feedback.

27
00:01:32,480 --> 00:01:36,280
I like, uh, this wildy.

28
00:01:37,400 --> 00:01:39,360
I like this website.

29
00:01:40,740 --> 00:01:45,320
I know if I would enter, uh, the submit button, you can see.

30
00:01:45,370 --> 00:01:46,250
Thanks for the feedback.

31
00:01:46,760 --> 00:01:52,000
So this is the, uh, this is exactly the value you have entered this text.

32
00:01:52,020 --> 00:01:58,390
So that means this thing is not going maybe not going to convert into string.

33
00:01:58,670 --> 00:01:59,510
It's just happened.

34
00:01:59,720 --> 00:02:06,110
So here you can see I'm just building I did not convert this, uh, value in publishing and just appending

35
00:02:06,110 --> 00:02:06,760
to this thing.

36
00:02:07,280 --> 00:02:14,010
So this problem arises when people want some I want to call the fast.

37
00:02:14,210 --> 00:02:16,820
So he will just keep the press and name one.

38
00:02:18,300 --> 00:02:26,620
So now what we can do is we can inject our original code that search the email and say, I wanted this

39
00:02:26,630 --> 00:02:27,320
to test.

40
00:02:27,800 --> 00:02:29,800
We just execute the 110.

41
00:02:31,940 --> 00:02:43,050
That is harder when it's high and afterwards we cross that out and we are so close the achievement.

42
00:02:46,860 --> 00:02:55,140
So this so now let's push that record here and feedback's and then if I submit this, you can see that

43
00:02:55,140 --> 00:02:56,410
extremity is rendered.

44
00:02:57,720 --> 00:03:05,490
So in this way, you can all in history, you wish this instrument actually still exists because you

45
00:03:05,490 --> 00:03:08,310
can keep the script back and you can execute the Dow.

46
00:03:09,960 --> 00:03:15,890
So now what we're going to do is we are going to get on one, two, three, four.

47
00:03:18,090 --> 00:03:26,610
So we are going to create the phishing site that will look like the user name and password and and submit

48
00:03:26,610 --> 00:03:26,910
button.

49
00:03:28,770 --> 00:03:35,400
So in this scenario, you won't get these text boxes after you submit to another page.

50
00:03:35,670 --> 00:03:40,020
But it's a simple, static, uh, simple, uh, Web page.

51
00:03:40,150 --> 00:03:46,470
I just I'm showing you here, in normal scenario, when you click enter, uh, after your feedback,

52
00:03:46,470 --> 00:03:52,770
then it will turn the page and it will say thanks for your feedback or even this will not show you in

53
00:03:52,770 --> 00:03:53,520
the same page.

54
00:03:54,420 --> 00:04:01,620
So what we're going to do is we are going to create a new fake form that is like let's think of it as

55
00:04:01,620 --> 00:04:04,060
a, uh, Facebook or any other place.

56
00:04:04,080 --> 00:04:07,380
You can just put on the page and you can submit the original here.

57
00:04:09,810 --> 00:04:12,150
I'm saying form an action is equal.

58
00:04:14,760 --> 00:04:17,540
Now I need to specify this IP address.

59
00:04:19,440 --> 00:04:23,880
So this is one or two and the port is one, two, three, four typed here.

60
00:04:30,890 --> 00:04:33,640
And we need to metaphysic to post.

61
00:04:35,930 --> 00:04:41,600
So I know what we're going to do is we are going to say enter username and password.

62
00:04:45,810 --> 00:04:54,000
Now, the decision put, uh, boxes type is equal to text.

63
00:04:56,510 --> 00:05:03,670
And we need to name this variable as a username so that on the cardigan side, we can understand, uh,

64
00:05:03,770 --> 00:05:05,540
this is a user name field.

65
00:05:07,220 --> 00:05:13,610
So now let me give the break a new line, and now we are going to enter password.

66
00:05:18,760 --> 00:05:29,080
So we can type in type two password to make sure that this is not be typing in letters to be a president,

67
00:05:29,230 --> 00:05:30,490
not as a plain text.

68
00:05:31,900 --> 00:05:36,760
So user thinks that it's as if the name is going to pass.

69
00:05:38,620 --> 00:05:49,660
And let's put another break, and now we are going to create the submit button and input type equals to

70
00:05:49,660 --> 00:05:58,150
submit and value is equal to value means the value of the text that will be shown on the button.

71
00:05:58,600 --> 00:06:00,020
Value is equal to log.

72
00:06:06,320 --> 00:06:10,540
So now let me close this form and cross the.

73
00:06:13,570 --> 00:06:16,870
So let me copy this one in the copy.

74
00:06:16,900 --> 00:06:23,200
Now let's read this page and push the original code here and share some feedback.

75
00:06:23,200 --> 00:06:35,430
And you can submit, as you guys can see, we have got the form now and again and again the request

76
00:06:35,560 --> 00:06:38,650
the request will be received by our Kali Linux machine.

77
00:06:41,020 --> 00:06:48,030
Now, you can see this is a post request post this IP address and the username and political statement.

78
00:06:49,630 --> 00:06:53,790
So that's how you do the phishing and using this injection.

79
00:06:55,120 --> 00:07:07,720
So all you need to do is you need to make some phishing, pitching and using copier and then change this,

80
00:07:07,720 --> 00:07:11,650
uh, action and the password and something.

81
00:07:12,040 --> 00:07:15,730
She can just simply turn this over so that you use the password.

82
00:07:16,810 --> 00:07:20,350
So the first video, I hope I understood this injection.

83
00:07:20,540 --> 00:07:29,830
So the problem arises when you are opening the strength to the user, uh, input, it would be happening

84
00:07:29,840 --> 00:07:34,060
as, uh, normal one without converting into the string.

85
00:07:34,120 --> 00:07:37,770
So that's how the HTML injection arises.

86
00:07:37,840 --> 00:07:39,460
So you need to convert this into the.