Part 7 - Discovering XSS

Video Activity

This lesson walks through discovering cross-site scripting (XSS) manually: entering script payloads into the Web for Pentester exercises, checking whether the payload executes, and then testing whether the injected script can read document.cookie.


Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
00:03
>> Finally, we're going to discover cross-site scripting manually. The best way to check for cross-site scripting manually is to enter the string below: <script>alert("whatever you want to say")</script>. For example, if you were to go to example.com/index.php?user= and then add the script to that. Let's go try that and see what we get.

Here we are on Web For Pentester. Let's go to example 1. We see up here name equals hacker. Well, we're going to add script into here, alert for an alert prompt, and then we're going to say, "Oh my God, vulns." Then we're going to simply close it here and we're going to hit "Enter". Oh, my God, vulnerabilities. That's what we got back for us. We know that this is, in fact, vulnerable.

Now, let's see if we can pull some cookies from this, because if we can pull our own cookies, that tells us that we can do some mischievous stuff where there's cross-site scripting. If you want to test for cookie theft on your application, you can use the string below: script, alert, what you wanted to say, and you're going to add document.cookie to it. An example here, and we see user=<script>alert("cookie"+document.cookie)</script>. Let's go see if we can pull our own cookies here, and then later on I'm going to show you just how you can exploit that.

We have our Z, my God vulns here. I'm going to add a +document.cookie, we enter, and we did not get anything back from that script. Let's copy this little bit of script here. Let's come to example 2. Let's see if this is vulnerable to cookie theft. No, that was not vulnerable to cookie theft.

Here we are in our cross-site scripting environment here. We have Z oh my God, vulns. Well, that works. Let's see if we could pull a cookie here. Let's do +document.cookie. We didn't get anything back. Now, this doesn't mean that the website isn't vulnerable, it just means that this area here isn't. Let's come over here to our PentesterLab main page and stress some of the other ones. Can we get a cookie from that one? Let's try example 4, see if we get a cookie from here. We get an error from there. That's interesting. Let's continue on. Let's go five, and remember, when you perform a cross-site scripting or any kind of vulnerability assessment, you've got to hit all the pages. You've got to find out where all of the vulnerabilities lie. Example A. Oh, look at this, we got a query here or some of the query. No, did not work in the query field.
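The procedure narrated in the video (try the alert payload, look at what comes back, escalate to a variant when a filter eats it, then check whether document.cookie is readable) can be rehearsed offline. The block below is an added example written for this page; it is not Cybrary's code and not the Web for Pentester exercises. The four "renderers" are constructed stand-ins for how a page might echo the name parameter (no filtering, HTML-entity encoding, a single case-sensitive removal of "<script>", and outright rejection of anything containing the word "script"); they are assumptions for illustration, not the lab's actual PHP. The probe variants are standard reflected-XSS payloads, and the Set-Cookie headers at the end are constructed sample data. It runs under Node.js with no network.

```javascript
// Added example for this lesson (not Cybrary's or Web for Pentester's code):
// rehearse the manual reflected-XSS checks offline against constructed
// stand-ins for a page that echoes ?name=..., and show why
// alert(document.cookie) can come back empty on a page that is vulnerable.

function htmlEncode(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Constructed server behaviours (assumptions for illustration, not the lab's PHP).
const renderers = {
  unfiltered:        (name) => `<p>Hello ${name}</p>`,
  encoded:           (name) => `<p>Hello ${htmlEncode(name)}</p>`,
  stripScriptOnce:   (name) => `<p>Hello ${name.replace('<script>', '')}</p>`, // one pass, case-sensitive
  rejectsScriptWord: (name) => (/script/i.test(name) ? 'error' : `<p>Hello ${name}</p>`),
};

// A unique marker so the reflection can be located even when the payload is mangled.
const MARKER = 'zq9vulnz';

// Standard payload variants, in the order a manual tester would escalate.
const probes = {
  plainScript:  `<script>alert("${MARKER}")</script>`,
  upperCase:    `<SCRIPT>alert("${MARKER}")</SCRIPT>`,          // defeats a case-sensitive filter
  nestedTag:    `<scr<script>ipt>alert("${MARKER}")</script>`,  // survives one non-recursive removal of "<script>"
  eventHandler: `<img src=x onerror=alert("${MARKER}")>`,       // no "script" substring at all
};

// Payload shapes that execute when present verbatim (HTML tag names are case-insensitive).
const executable = [
  `<script>alert("${MARKER}")</script>`,
  `<img src=x onerror=alert("${MARKER}")>`,
].map((p) => p.toLowerCase());

// Verdict for one response body.
function classify(html) {
  if (html === 'error') return 'rejected';                       // server refused the input outright
  if (!html.includes(MARKER)) return 'not-reflected';            // input never came back
  const lower = html.toLowerCase();
  if (executable.some((p) => lower.includes(p))) return 'executes';  // intact payload in the page
  if (lower.includes('&lt;')) return 'encoded';                  // reflected, but as harmless entities
  return 'reflected-broken';                                     // reflected, but the payload was damaged
}

// Try every probe against every renderer: { renderer: { probe: verdict } }.
function runMatrix() {
  const out = {};
  for (const [rName, render] of Object.entries(renderers)) {
    out[rName] = {};
    for (const [pName, payload] of Object.entries(probes)) {
      out[rName][pName] = classify(render(payload));
    }
  }
  return out;
}

// Why "alert(document.cookie)" can show nothing on a vulnerable page: cookies
// flagged HttpOnly are withheld from script. Given the Set-Cookie headers the
// app sends, return what document.cookie would actually expose.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map((h) => h.split(';').map((part) => part.trim()))
    .filter((parts) => !parts.slice(1).some((attr) => attr.toLowerCase() === 'httponly'))
    .map((parts) => parts[0]);
}

// Constructed sample headers (not captured from the lab).
const sampleSetCookie = [
  'PHPSESSID=3f9c1e2a; Path=/; HttpOnly',
  'theme=dark; Path=/',
];

if (typeof require !== 'undefined' && require.main === module) {
  console.table(runMatrix());
  console.log('document.cookie would show:', scriptVisibleCookies(sampleSetCookie).join('; '));
}

if (typeof module !== 'undefined') {
  module.exports = { htmlEncode, classify, runMatrix, scriptVisibleCookies, probes, renderers, sampleSetCookie };
}
```

The matrix makes the lesson's two caveats concrete: a payload that is reflected but broken or entity-encoded is not a finding yet, so the next variant has to be tried before moving on to the next page; and an empty alert(document.cookie) on a page where the alert itself fired means the session cookie is probably HttpOnly, not that the page is safe.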