4. XSS Game: Spot for Payloads

Welcome to this lecture. In this lecture we will test our XSS skills on a website that is called the XSS Game. You can simply go to this link and you will get this website, so you do not need to log in to this site in order to test your XSS skills; you simply go to level one and you will get this page. So let's see. We'll just pass the query "hello", so I'll press search, and you can see "hello" has been reflected. That means we just need to pass something instead of "hello". We have done this many times, so we'll just pass <script>alert(1)</script>, opening and closing the script tag. And when I close my screen you'll see we have got this pop-up saying "Congratulations, you executed an alert". So let's go to the next level.

So we have got the next level here. This one is quite interesting, so let's see what has been posted for me. And here you have to go to the hints. So here is the hint, so you can simply take this hint if you want. You can see that we have hints two and three, and you can see what we have seen here: entering a script tag on this level will not work. So let's see by typing this script, <script>alert(1)</script>, and simply posting it, and let's see if this works. So if we just post this script then it is invisible in our post; that means the script is not running over here. So we have to work with the content. Because it is saying something like "the content", the content is visible, and if we just talk about the content, it is the HTML tag. So we have to make our payload so that it will be injected inside the HTML tag. So anything that comes to your mind when we talk about HTML is the event. That means we have to wrap our XSS code, or basically our JavaScript code, inside the HTML tag, and that is possible with an event. So I'll just make the img tag to do this, and I'll say src= and let me say anything over here, so let me say foo, and now onerror. So remember, this onerror is the attribute of this img tag which will be executed when we fail to load this image, which is the case here because we don't have any image that is named foo; that means this event will be executed. And when this event is triggered I want to get the alert, so I'll just say alert(1) and this will be our message. So now we'll just close our img tag. Let me just close this real quick and let me just run this, then you can see the pop-up saying congratulations. So what we just did here was, you can see that the image has not been loaded because we do not have any image, so the onerror event will be executed, and on the onerror event we just made our alert message execute.

So let's go to the next level, and you can see we have something with the images here. So it should be something that is quite advanced for you, so you can go to the hints to see its mystery. So if I just see here, there is some convention, and you can also take advantage of this hint. So if you see the hint, it says to look at the bug. So this is a simple hint. So you can see here the data in the window.location object. So this window.location is referring to the URL. So if I say 2 instead of 1, or 3 instead of 2, it goes to tab 2 or 3. So that means it is something linked with this link. So we can inject our script through this link. So what I need to do is simply inject the code over here. So I have to say something like onerror, which is the event that will be called when there is some error. So if there is an error, I want to give something like alert('xss'), and I want to close this 'xss', and I want to close my field. So what we just did here was: if there is a failure to load the image, it will give this alert. So let's press go and see if this works or not. So it is working. That means this image has not been loaded and we just get this alert, because this part has been executed on onerror, which is our event when there is an error and the image fails to load.

So I'll just advance to the next level. And this is our next level, which must be level four. So for this level four, let's see what this is doing. So let me see the hint. It is saying "take a look at how the startTimer function is called", and in another one, when browsers see this HTML, it allows us to basically use encoding there. So foobar with the encoded quote is the same as this; that means there is something to do with encoding. And the next one is about trying to bring a single quote in. So let's put 1 in this timer, and it is saying "your timer will execute in 1 second", but if we watch, it is not going to execute; it is not going to just stop for us. So if I just go back and instead of this I just put 5, it creates a timer and it will just execute in five seconds. Let's wait for the five seconds, and you can see it is saying "Time is up". So that means if I just put something that is code here, there will be an error in the console, so it won't be executed. So that means we have to first close our timer, and this is the way to close it, and after that we'll just give the alert of 'xss'. So I just press go with this one. So what we just did here was we just closed our timer, and after we closed that timer function, because we have something to do with this startTimer method. So if I see the source code, then you can see that we have something like, let me search the source, startTimer. So it should be somewhere here. So it is saying "take a look at" this, because we are not having any function right here. So it is just the way of the source that these functions should be closed; the first function should be closed, that is startTimer. And after that we'll just execute this alert, so let's see if this works. So it is working perfectly. And basically what we just did here was we just closed the first startTimer method, and after that we just made our XSS attack, which basically gives this XSS message as an alert.

So let's go to another challenge here. So now we are in this simple challenge again. So let's see how this works. So we are in this frame now. And if I just press this Sign up, then you can see there is a change in this URL, "signup", and we are just getting this "next". So "next" is basically this field, so whenever we press Next, something is going to happen. So instead of "confirm" I have to change it to the JavaScript code. So let's open my Sublime first, and what you need to do first of all is make the JavaScript code execute with the encoding, so let me search for "URL encoding". And here is an encoding reference. Let's go here and search for something like this. So this is %3A, and obviously this is the way to give the colon. So what we need here is, we just need to write it down: it starts with "javascript", and %3A, which is basically this colon, and I want to give alert, and I want to give %2B, so if I search for %2B it should be right here, which is giving us a plus sign, or %20 or so. Let me search for another thing instead of %2B, as we want to make another payload instead of a simple payload, so let's search for something like "(". Okay, what is that? It is here, because we want to just open that for the alert, and %27 is for this quote. So what you need to do is simply pass this one, and we'll pass this simple code, we'll pass "xss", and we'll close this with this quote, and again this closing one. So what is this data over here? What is this? We make use of this code to be executed over here. So simply what you need to do is put that code, or simply this payload.

So if I just copy this and put it right here, and let me just press go, then let me just press this Next. Then you can see "Congratulations, you executed an alert". So you can do this. And instead of this you can also do something like encoding; you can just make use of encoding. What encoding does is basically it will just execute this code that deals with the encoding. So if I just say %3A, that means it is semicolon, or basically colon. So %3A here is a colon. So if you see here, it should be right here. So colon is here. So %3A is a colon. So we are just making this colon first, and I want to make that alert. So after alert you have to encode this opening parenthesis. So for the opening parenthesis it is %28, which is right over here. So you just encode it with %28, and you have to encode this one, the quote. So if you see here it is %27. So we just encode it with %27, and similar goes for this, that is the closing quote, which is the same, %27, and the closing parenthesis has the encoding of %29. So you can simply copy this one, go back and simply put it here, and press go. Let's press Next. Then you can see we just gave the same alert.

So let's go to the next level now. So this is the new challenge, which is the last challenge here. So we can see that there is a link over here saying "gadget". So this is the file, and we have the message right at the bottom that is saying "Loaded gadget from /static/gadget.js". That means it has to do something with this link. So what if I just remove this part? Because this has been reflected right over here; if you see, this "/static/gadget.js" has been reflected right over here. So instead of this let me just remove all of this, press go and see what happens. Nothing is happening. Let me replace this: again, remove all of this, and press go. Okay. Let me just put a slash here and press go. And then it is saying "Loaded gadget from /". That means anything after here will be reflected. So if I just say "hello" and go, it is saying "Loaded gadget from hello", because there is no check there; it is just reflecting right down here. That means we can make use of this now: data, that is "data" with the colon, and give the text; I want to make the text that would be plain, text/plain, and after that we'll just make the alert message. So I want to give alert(1). And now when I press go, you can see that we get this execution. So what we just did here was, we saw the reflection on the page, and the data URL, which is basically the way to inject our code inside this frame. So we just made our own message to be injected in this reflected XSS attack. So this is the way to do it. You can also see this hint if you just want to get some reference; it is saying "see how the value of the location fragment" is used. So basically this was the fragment, where after this slash anything you put in the URL is always reflected right down here. So we made use of that vulnerability to see our data in the plain format, which is our data. Good. So when I press go, it is reflected right here. So we have completed our challenges, that is six challenges. So well done. Now let's see four more challenges in the upcoming lectures. See you in the next one.
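As an added illustration from the defensive side (this is not code from the lecture or from the XSS Game itself), the following Python shows the rendering contexts exercised in the levels above: the HTML body reflection of level 1 (and the img/onerror payload of level 2), the startTimer('...') string of level 4, and the next= and gadget URL values of levels 5 and 6, each with a vulnerable or naive handling beside a hardened one, with the walkthrough's payloads constructed inline as test inputs. The function names and HTML snippets are assumptions chosen to mirror what the game displays, not its actual source.

```python
import html
import json
from urllib.parse import urlsplit

# Payloads from the walkthrough, constructed here as test inputs.
BODY_PAYLOAD = "<script>alert(1)</script>"          # level 1: reflected search query
ATTR_PAYLOAD = "<img src=foo onerror=alert(1)>"     # level 2: event handler in an HTML tag
JS_STRING_PAYLOAD = "'); alert('xss'); //"          # level 4: closes startTimer('...') early
URL_PAYLOAD = "javascript:alert('xss')"             # level 5: next= parameter
DATA_PAYLOAD = "data:text/plain,alert(1)"           # level 6: fragment used as script source

def render_query_unsafe(query: str) -> str:
    # Vulnerable (level-1 style): input concatenated into the HTML body untouched.
    return f"<p>Sorry, no results were found for <b>{query}</b>.</p>"

def render_query(query: str) -> str:
    # Hardened: HTML-escape for the body/text context; tags and handlers become inert text.
    return f"<p>Sorry, no results were found for <b>{html.escape(query)}</b>.</p>"

def js_string_literal(value: str) -> str:
    # JS string context: json.dumps quotes and backslash-escapes the value, so a stray
    # ') cannot end the literal; < > & are \u-escaped so </script> cannot end the block.
    return (json.dumps(value).replace("<", "\\u003c")
            .replace(">", "\\u003e").replace("&", "\\u0026"))

def render_timer(seconds: str) -> str:
    # Hardened (level-4 style): the timer value is emitted only as a JS string literal
    # (assumed markup; the game's own page uses an inline onload handler instead).
    return f"<script>startTimer({js_string_literal(seconds)});</script>"

def safe_next(next_url: str) -> str:
    # Hardened (level-5 style): the next= target must be a same-origin absolute path.
    # Any scheme (javascript:, data:, https:), a host (//evil) or a backslash (which
    # browsers normalise to a slash) falls back to the site root.
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc or "\\" in next_url or not next_url.startswith("/"):
        return "/"
    return next_url

def is_safe_gadget_src(src: str) -> bool:
    # Hardened (level-6 style): only local files under /static/ may be loaded as scripts,
    # so a data: or javascript: value taken from the fragment is refused.
    parts = urlsplit(src)
    return not parts.scheme and not parts.netloc and src.startswith("/static/")
```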

