3. STEPS TO FOLLOW
INCISIVE-JOVIAL
STEP-1
CHANGE SECURITY LEVEL TO LOW
STEP-2
TRY OUT SOME BASIC HTML AND SCRIPTS
STEP-3
EXAMINE THE SOURCE CODE
HTML
<h1> JOVIAL </h1>
<font color="blue"> Jovial </font>
Script
<script>alert("Jovial is saying hello!")</script>
<script>alert(document.cookie);</script>
4. WHAT SOURCE CODE SAYS
Removes white spaces from start and end of string
Removes backslashes
Escape special characters in a string
\n, \r, \, ', ", etc
Not blocking any html or other specific tags
6. STEPS TO FOLLOW
STEP-1
CHANGE SECURITY LEVEL TO MEDIUM
STEP-2
TRY OUT SOME BASIC SCRIPTS
STEP-3
EXAMINE THE SOURCE CODE
Basic Scripts
<script>alert("Jovial is saying hello!")</script>
<script>alert(document.cookie);</script>
7. WHAT SOURCE CODE SAYS
Removes white spaces from start and end of string
Adding backslashes and removing tags
Escape special characters in a string: \n, \r, \, ', ", etc
Replacing the <script> and <SCRIPT> tag with blank space
Converting special characters to html codes (replace < with &lt;)
We can make use of the $name field for our payload
8. NOW WHAT
STEP-4
CHANGE name input box length
STEP-5
NOW TRY OUT SCRIPTS
BECAUSE
PHP is just filtering the <script> OR <SCRIPT>
BUT NOT <ScRiPt> for name field
Basic Scripts
<sCrIpT>alert("XSS");</sCrIpT>
<ScRiPt>alert(document.cookie);</ScRiPt>
10. STEPS TO FOLLOW
STEP-1
CHANGE SECURITY LEVEL TO HIGH
STEP-2
TRY OUT SOME BASIC SCRIPTS
STEP-3
EXAMINE THE SOURCE CODE
Basic Scripts
<script>alert("Jovial is saying hello!")</script>
<sCrIpT>alert(document.cookie);</sCrIpT>
11. WHAT SOURCE CODE SAYS
Removes white spaces from start and end of string
Adding backslashes and removing tags
Escape special characters in a string: \n, \r, \, ', ", etc
Detecting <script> tag using regular expression
Converting special characters to html codes (replace < with &lt;)
We can make use of pure html tags in the $name field for our payload
12. NOW WHAT
STEP-4
CHANGE $name input box length
STEP-5
NOW TRY OUT HTML TAGS
BECAUSE
PHP is filtering $name for the <script> tag with a regex, not for other HTML tags
Basic Scripts
<img src=nosource onerror=alert(document.cookie)>
<body onload=alert(document.cookie)>
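The slides' conclusion, that stripping <script> from $name is not enough while encoding on output is, shown as an added example (not code from the slides or from the application's own source). The three functions are models built from the slide descriptions; the regex in filter_high and all function names are assumptions.

```php
<?php
// Added example: models of the filters the slides describe, not the application's source.

// MEDIUM as described: only the exact strings <script> and <SCRIPT> are removed.
function filter_medium(string $name): string {
    return str_replace(['<script>', '<SCRIPT>'], '', trim($name));
}

// HIGH as described: a case-insensitive regex removes script tags.
// The exact pattern is an assumption; the slides only say "regular expression".
function filter_high(string $name): string {
    return preg_replace('/<\/?script[^>]*>/i', '', trim($name)) ?? '';
}

// Hardened: treat the input as data and encode it for the HTML context on output.
function encode_for_html(string $name): string {
    return htmlspecialchars(trim($name), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True if the output would still open an HTML element when rendered.
function still_opens_element(string $html): bool {
    return preg_match('/<[a-z]/i', $html) === 1;
}

// Inputs taken from the slides.
$samples = [
    'lowercase script'  => '<script>alert(document.cookie);</script>',
    'mixed-case script' => '<ScRiPt>alert(document.cookie);</ScRiPt>',
    'img onerror'       => '<img src=nosource onerror=alert(document.cookie)>',
];

$filters = [
    'medium'  => 'filter_medium',
    'high'    => 'filter_high',
    'encoded' => 'encode_for_html',
];

foreach ($samples as $label => $input) {
    foreach ($filters as $level => $fn) {
        $out = $fn($input);
        printf("%-18s %-8s %-7s %s\n", $label, $level,
            still_opens_element($out) ? 'MARKUP' : 'inert', $out);
    }
}
```

Only the encoded column is inert for all three inputs: the medium model passes the mixed-case tag and the img tag, and the high model still passes the img tag.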