All right. And finally, we're going to discover cross-site scripting manually. The best way to check for cross-site scripting manually is to enter the string below: <script>alert("whatever you want to say")</script>. So, for example, if you were to go to example.com/index.php?user=
and then you add that script at the end. So let's go.
All right, here we are, in Web for Pentester.
Good. Example 1, we see up here,
add script to here,
alert, for an alert prompt.
And then we're gonna say,
And then we're going to simply close it here.
"Oh my God, vulnerabilities." That's what we got back for us.
We know that this is, ah, this is, in fact, vulnerable.
Let's see what else. Um, cookies from this.
Because if we can pull our own cookies,
that tells us that we can do mischievous stuff
with this cross-site scripting.
If you want to test for cookie theft on your application, you could use the string below.
Script, alert, what you want to say, and you're gonna add document.cookie to it. So, in the example here, we see user= script, alert,
document.cookie. Let's see if we're getting, ah, well, our own cookies here. And then
later on, I'm gonna show you just how you can exploit that.
So we have our "Oh my God, vulns" here,
and we did not get anything back from that script.
Let's go over this little bit of script here.
Let's come to Example 2. Let's see if this is vulnerable to cookie theft.
Now, that was not vulnerable to cookie theft.
All right, so here we are in our cross site scripting environment here.
So we have our "Oh my God, vulns"; that works.
We could pull a cookie here,
We didn't get anything back.
I mean, the website is invulnerable. Just means that this area here is. So
let's come over here
to our PentesterLab
and try out some of the other ones.
I couldn't get a cookie from that one. Let's try Example 4.
Let's get a cookie from here.
We got an error from there. That's interesting.
Continue on; let's go to five. Remember, when we perform a cross-site scripting or any kind of vulnerability assessment, you're
gonna hit all the pages. You gotta find out where all of the vulnerabilities lie.
Example 8: let's see, we got a query here.
Did not work in the query field.