1
00:00:01,510  -->  00:00:02,790
<v Instructor>Okay, now let's have a look</v>

2
00:00:02,790  -->  00:00:05,420
at a stored XSS example.

3
00:00:05,420  -->  00:00:07,430
Now, stored XSS is very similar

4
00:00:07,430  -->  00:00:08,810
to a reflected one.

5
00:00:08,810  -->  00:00:12,020
It allows you to inject JavaScript code

6
00:00:12,020  -->  00:00:13,040
into the browser.

7
00:00:13,040  -->  00:00:14,900
The code is executed on the people

8
00:00:14,900  -->  00:00:16,300
that visit the page.

9
00:00:16,300  -->  00:00:19,200
The only difference is with the reflected,

10
00:00:19,200  -->  00:00:20,750
you have to send the URL

11
00:00:20,750  -->  00:00:23,390
to your target so the target has to actually click

12
00:00:23,390  -->  00:00:25,790
on a URL for the exploit to run

13
00:00:25,790  -->  00:00:27,163
or for the code to run.

14
00:00:28,060  -->  00:00:30,960
In the stored XSS,

15
00:00:30,960  -->  00:00:34,060
the code will actually be stored into the database

16
00:00:34,060  -->  00:00:35,360
or into the page.

17
00:00:35,360  -->  00:00:38,700
So every time any person runs that page,

18
00:00:38,700  -->  00:00:41,510
they will see your code and your code will be executed.

19
00:00:41,510  -->  00:00:43,890
So you won't need to interact with any users

20
00:00:43,890  -->  00:00:45,163
or send them anything.

21
00:00:46,250  -->  00:00:48,360
Therefore, this could be much more dangerous

22
00:00:48,360  -->  00:00:49,833
than reflected XSS.

23
00:00:51,100  -->  00:00:52,130
So let's have a look at this.

24
00:00:52,130  -->  00:00:56,520
Now, I clicked on the XSS stored here on the left

25
00:00:56,520  -->  00:00:57,890
and you have this page.

26
00:00:57,890  -->  00:00:59,330
And this page just allows you

27
00:00:59,330  -->  00:01:02,870
to add a message to the system.

28
00:01:02,870  -->  00:01:04,823
So I'm gonna put my name as Zaid.

29
00:01:06,060  -->  00:01:08,240
We're just gonna do a normal test first

30
00:01:08,240  -->  00:01:12,420
and we're gonna put a message body, for example,

31
00:01:12,420  -->  00:01:15,330
and then I'm gonna sign the guestbook

32
00:01:15,330  -->  00:01:17,914
and you can see that Zaid added a message

33
00:01:17,914  -->  00:01:20,020
called message body.

34
00:01:20,020  -->  00:01:22,780
So if we go to here

35
00:01:23,870  -->  00:01:25,480
into another machine.

36
00:01:25,480  -->  00:01:26,860
So this is a different machine

37
00:01:26,860  -->  00:01:28,170
to a different place

38
00:01:28,170  -->  00:01:30,270
and if we go into the XSS stored,

39
00:01:30,270  -->  00:01:31,760
we can see that there are two entries.

40
00:01:31,760  -->  00:01:34,710
So the entries are being loaded from the database

41
00:01:34,710  -->  00:01:38,380
and they contain the entries in that database.

42
00:01:38,380  -->  00:01:41,020
So if we manage to inject code in here,

43
00:01:41,020  -->  00:01:43,350
then any person who runs this page,

44
00:01:43,350  -->  00:01:44,510
the code will run it

45
00:01:44,510  -->  00:01:47,920
without even having to send that person anything.

46
00:01:47,920  -->  00:01:50,370
So let's try to inject stuff here.

47
00:01:50,370  -->  00:01:51,810
So let's put my name as Zaid

48
00:01:52,810  -->  00:01:55,150
and I'm gonna try to put my code in here.

49
00:01:55,150  -->  00:01:57,550
So I'm gonna try to inject into the message.

50
00:01:57,550  -->  00:01:59,620
I'm gonna put it as script.

51
00:01:59,620  -->  00:02:01,580
I'm gonna use the exact same test code

52
00:02:01,580  -->  00:02:03,310
that we used in the previous video.

53
00:02:03,310  -->  00:02:05,210
Just a message saying XSS.

54
00:02:05,210  -->  00:02:06,713
Again, very basic code.

55
00:02:07,780  -->  00:02:10,490
But it serves for the purposes of this video

56
00:02:11,430  -->  00:02:12,680
and we're gonna say alert

57
00:02:15,770  -->  00:02:16,603
XSS.

58
00:02:17,760  -->  00:02:20,270
And I'm gonna try to sign the guestbook

59
00:02:20,270  -->  00:02:23,300
and as we can see now, I got the XSS here.

60
00:02:23,300  -->  00:02:25,160
But the real magic happens

61
00:02:25,160  -->  00:02:26,440
when a normal person,

62
00:02:26,440  -->  00:02:28,160
so let's just go home first

63
00:02:28,160  -->  00:02:30,610
and let's assume this is just a normal website

64
00:02:30,610  -->  00:02:33,010
and people are just coming and browsing it

65
00:02:33,010  -->  00:02:34,970
and once they're gonna go to the guestbook,

66
00:02:34,970  -->  00:02:38,150
JavaScript code will be executed on their system

67
00:02:38,150  -->  00:02:39,360
from that website.

68
00:02:39,360  -->  00:02:41,370
So the code is coming from that website

69
00:02:41,370  -->  00:02:44,260
and it's going to be executed on every person

70
00:02:44,260  -->  00:02:46,033
that visits this page.

71
00:02:48,050  -->  00:02:50,810
Again, we're just showing a proof of concept here.

72
00:02:50,810  -->  00:02:52,270
In future videos, we'll show

73
00:02:52,270  -->  00:02:55,333
how to further exploit this kind of vulnerability.
