Hello and welcome to the Cybrary Secure Coding course. My name is Sonny Wear, and this is OWASP Top 10 for 2013, A3 Cross Site Scripting demo: reflected cross site scripting via HTML context.

So we're actually going to take a look at the most simplistic, basic example of reflected cross site scripting. So if we go to our cross site scripting section and we go to Reflected, DNS Lookup, we can see that we come to a page where we can enter some sort of host name or IP address. I'm gonna go ahead and type in localhost, and you can see the result is some table that displays information about the server and the address.

Now, what I would like to do is start up Burp Suite and put the intercept on.
So what I'd like to do is determine if there is a way that I can inject a malicious script into this page. And if that's possible, it's due to the fact that the programmer did not put any kind of output encoding on the HTTP response. So he didn't code anything inside of the application to prevent reflected cross site scripting. So I'm gonna put in a keyword, capture that request. I'm actually gonna send that over to the Repeater, just because it's a lot easier to... Now, click Go so I can see my response. Let's look up my keyword.
Okay. And so what I can see is that in the response, I am just dealing with a string in between an HTML div tag. So here's my HTML div tag. Uh, there's just some text in between the div tags, and then everything else is closed off. So this should be a very easy way to inject my malicious script in between these two tags here. And I don't have to add anything special to the tags or anything like that, because it's just very cleanly being shown here and reflected back. If we look at the page itself, we can see that this value does indeed get reflected back on the website. So that means I should be able to insert my payload. So let me go back to the Repeater,
and I'm going to instead insert my malicious script. Now, the malicious script normally in an attack would be something that you cannot see. It would be an attack that happens behind the web page so that the user is unaware. But in order to demonstrate that something is happening, that the malicious script is actually executing, a lot of times presentations will use the alert function. And so sometimes something is lost in that, because it doesn't seem very evil. But it's just a way to show you that any kind of JavaScript could be inserted and it would execute. So I'm gonna go ahead, and actually, I'm gonna try to display the cookie that's in the DOM.
And I just need to add my... and I'm actually going to send this over to the Decoder and encode this as URL. And go back to my proxy, turn my interceptor on, replace the valid value with my payload, and you can see that I have captured the cookie, which is the PHP session ID. And there's the encrypted cookie.

And so this is the most basic example of a reflected cross site scripting vulnerability and its exploitation.
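As an added example (not code from the course or from the demo application shown in the video), here is the HTML-context reflection the demo relies on, modelled in Python: a constructed stand-in for the lookup page that drops the host name straight into the div body with no output encoding, beside the same page with HTML entity encoding applied, plus the keyword-reflection check the video performs by hand in Repeater and a parser check showing whether the reflected value becomes markup or stays text. The page markup, the `xsscheck` keyword and the function names are all assumptions.

```python
import html
from html.parser import HTMLParser


def render_vulnerable(host: str) -> str:
    """Constructed stand-in for the demo's lookup page: the user-supplied
    host name lands inside the div with no output encoding at all."""
    return f'<div class="result">Lookup results for {host}</div>'


def render_fixed(host: str) -> str:
    """Same page with HTML-context output encoding: &, <, >, " and ' become
    entities, so the browser renders the value as text rather than markup."""
    return f'<div class="result">Lookup results for {html.escape(host, quote=True)}</div>'


# Probe made of a searchable keyword (as in the video) plus every character an
# HTML-context encoder must neutralise. Constructed value, not from the page.
PROBE_KEYWORD = "xsscheck"
PROBE = PROBE_KEYWORD + '<>&"\''


def reflected_unencoded(render, probe: str = PROBE) -> bool:
    """True when the probe comes back byte-for-byte: the response reflects
    input into HTML without encoding it, the condition the video confirms
    in Repeater before going any further."""
    return probe in render(probe)


def reflected_encoded(render, probe: str = PROBE) -> bool:
    """True when the reflected value appears only in entity-encoded form."""
    body = render(probe)
    return html.escape(probe, quote=True) in body and probe not in body


class _TagCollector(HTMLParser):
    """Records every start tag the parser sees, in document order."""
    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(body: str) -> list[str]:
    """Parse the body the way a browser would and list the elements it creates;
    an unencoded reflection adds elements, an encoded one does not."""
    collector = _TagCollector()
    collector.feed(body)
    return collector.tags


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        print(name, "reflects unencoded:", reflected_unencoded(fn),
              "elements:", tags_in(fn("<b>x</b>")))
```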