Part 3 Reflected XSS HTML context Demo

Video Activity

In this lesson, participants learn how to use Burp Suite to inject a malicious script into a page.

MicroCourse
Time
9 hours 31 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription
00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sonny Wear and this is OWASP Top 10 for 2013,
00:13
A3 Cross-Site Scripting demo: reflected cross-site scripting via HTML context.
00:21
So we're actually going to take a look at the most simplistic, basic example of reflected cross-site scripting.
00:29
So if we go to our cross-site scripting section
00:33
and we go to Reflected DNS Lookup,
00:36
we can see that we come to a page where we can enter some sort of host name or IP address. I'm gonna go ahead and type in localhost,
00:50
and you can see the result is some table that displays information about the server in the address.
00:58
Now, what I would like to do is start up Burp Suite,
01:03
put the intercept on.
01:06
So what I'd like to do is determine if there is a way that I can inject a malicious script into this page.
01:15
And if that's possible, it's due to the fact that the programmer did not put any kind of output encoding
01:23
on the HTTP response. So he didn't code anything inside of the application to prevent reflected cross-site scripting. So I'm gonna put in a keyword,
01:36
capture that request. I'm actually gonna send that over to the Repeater
01:41
just because it's a lot easier to
01:44
to look at.
01:46
Now click Go so I can see my response.
01:51
Let's look up my keyword.
01:57
Okay. And so what I can see is that in the response,
02:01
I am just dealing with a string in between an HTML div tag. So here's my HTML div tag.
02:13
Uh, there's just some text in between the div tags
02:19
and then everything else is closed off. So
02:22
this should be a very easy way to inject my malicious script
02:27
in between these two tags here. And I don't have to add any kind of special
02:32
ending
02:35
to the tags or anything like that, because it's just very cleanly being shown here and reflected back. If we look at the page itself,
02:50
we can see that this value does indeed get reflected back on the website. So that means I should be able to insert my
03:00
my payload. So let me go back to the Repeater,
03:07
and I'm going to instead
03:09
go ahead and put my
03:13
my malicious script. Now
03:15
the malicious script normally in an attack, would be something that you cannot see.
03:21
It would be an attack that happens behind the Web page so that the user is unaware.
03:29
But in order to demonstrate that something is happening, that malicious script is actually
03:37
executing, a lot of times presentations will use the alert function. And so
03:45
sometimes something is lost in that because it doesn't seem it doesn't seem very evil. But it's just a way to show you that
03:54
any kind of JavaScript could be inserted and it would execute. So I'm gonna go ahead. And
04:00
actually, I'm gonna try to
04:04
display the cookie that's in the DOM.
04:12
And I just need to add my
04:15
script tags
04:25
and I'm actually going to send this over to the Decoder
04:34
and encode this as URL.
04:41
And go back to my proxy, turn my interceptor on,
04:49
capture my request,
04:53
replace the valid value with my payload,
05:00
and you can see that I have captured the cookie, which is PHPSESSID.
05:08
And there's the encrypted cookie.
05:10
And so this is the most basic example.
05:13
of a reflected cross-site scripting vulnerability and its exploitation.