Part 3 Reflected XSS HTML context Demo

Video Activity

In this lesson, participants learn how to use Burp Suite to inject a malicious script into a page.


Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription
00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sunny Wear, and this is the OWASP Top 10 for 2013.
00:13
A3, cross-site scripting demo: reflected cross-site scripting via HTML context.
00:21
So we're actually going to take a look at the most simplistic, basic example of reflected cross-site scripting.
00:29
So if we go to our cross-site scripting section
00:33
and we go to Reflected DNS Lookup,
00:36
we can see that we come to a page where we can enter some sort of hostname or IP address. I'm gonna go ahead and type in localhost,
00:50
and you can see the result is some table that displays information about the server at the address.
00:58
Now, what I would like to do is start up Burp Suite,
01:03
put the intercept on.
01:06
So what I'd like to do is determine if there is a way that I can inject a malicious script into this page.
01:15
And if that's possible, it's due to the fact that the programmer did not put any kind of output encoding
01:23
on the HTTP response. So he didn't code anything inside of the application to prevent reflected cross-site scripting. So I'm gonna put in a keyword,
01:36
capture that request. I'm actually gonna send that over to the Repeater
01:41
just because it's a lot easier to
01:44
look at.
01:46
Click Go so I can see my response.
01:51
Let's look up my keyword.
01:57
Okay. And so what I can see is that in the response,
02:01
I am just dealing with a string in between an HTML div tag. So here's my HTML div tag.
02:13
Uh, there's just some text in between the div tags
02:19
and then everything else is closed off. So
02:22
this should be a very easy way to inject my malicious script
02:27
in between these two tags here. And I don't have to add any kind of special
02:32
ending
02:35
to the tags or anything like that, because it's just very cleanly being shown here and reflected back. If we look at the page itself,
02:50
we can see that this value does indeed get reflected back on the website. So that means I should be able to insert my
03:00
payload. So let me go back to the Repeater,
03:07
and I'm going to instead
03:09
go ahead and put my
03:13
malicious script. Now
03:15
the malicious script, normally in an attack, would be something that you cannot see.
03:21
It would be an attack that happens behind the web page so that the user is unaware.
03:29
But in order to demonstrate that something is happening, that the malicious script is actually
03:37
executing, a lot of times presentations will use the alert function. And so
03:45
sometimes something is lost in that, because it doesn't seem very evil. But it's just a way to show you that
03:54
any kind of JavaScript could be inserted and it would execute. So I'm gonna go ahead. And
04:00
actually, I'm gonna try to
04:04
display the cookie that's in the DOM.
04:12
And I just need to add my
04:15
script tags,
04:25
and I'm actually going to send this over to the Decoder
04:34
and encode this as URL,
04:41
and go back to my Proxy, turn my interceptor on,
04:49
capture my request,
04:53
replace the valid value with my payload,
05:00
and you can see that I have captured the cookie, which is PHPSESSID.
05:08
And there's the encrypted cookie.
05:10
And so this is the most basic example
05:13
of a reflected cross-site scripting vulnerability and its exploitation.