All right. Now we've discovered cross-site scripting with
Let's discuss, um, cross-site scripting with Nmap.
So what we're gonna do is nmap -p 80. So it's telling Nmap to scan port 80
with this script here. It's --script http-stored-xss.nse, and then afterwards you put the target. This script will post specifically crafted strings to every form it discovers.
Let's go check it out. All right, here we are in our Kali environment,
to test here for stored cross-site scripting first. So do nmap -p 80, so port 80,
and then we do --script
http-stored-xss,
and then we're gonna add the --script-args httpspider.maxpagecount=200. We're gonna put our target at the end of that.
Remember, we put this --script-args httpspider; that way it crawls the web page and finds all the possible links for it.
We're gonna hit next enter here and see what it gets us.
All right. So I couldn't find any stored cross-site scripting. However, there's some other forms of cross-site scripting that could be found and exploited, such as DOM-based and PHP
cross-site scripting as well. So we're gonna run those scans and see what we get back from them.
So how we do that is
we do the same exact command as you did
before, except instead of http-stored-xss you're gonna put dombased-xss instead, so D-O-M-B
We're gonna head out there, see what we get back from DOM-based.
And it has found a potential
DOM-based cross-site scripting attack,
which is fantastic. So
now we have a potential target page here to start trying to craft an attack.
Let's check out PHP self
and, uh, Strayer us on an attack. We'll check
for this type of cross-site scripting, and let's see if we get a bit more back.
All right, so it has found
a vulnerable and exploitable vulnerability here. So if we, if you look down here, we can see the page
that was used, the page that was vulnerable, and you could see
that they created a script here
and caused an alert prompt to pop up
with the number one in the alert prompt, and then they closed the script here.
So if you wanted to go manually do this, you could do and attempt this exploit yourself using this proof of concept link, which is very handy, that they actually give this
proof of concept link here and show, you know, that this is actually vulnerable rather than just saying,
"Hey, it's vulnerable." They actually show you that it's vulnerable, to show you how to
view that it's vulnerable, which is very handy. All right, let's move on to our next tool.