WEBVTT

00:01.480 --> 00:01.800
Okay.

00:01.800 --> 00:05.640
In the previous lecture, we covered this XSS test on a form.

00:05.640 --> 00:09.600
Now let's create another method for testing XSS on a link.

00:10.280 --> 00:12.160
And it is very easy here.

00:12.160 --> 00:17.320
You see we have this equality and this script exists here.

00:18.040 --> 00:19.000
So very easy.

00:19.040 --> 00:24.640
We are going to check if the code, if the link, has something like this, the equality, then we are going

00:24.640 --> 00:30.680
to replace this equality with another equality and then concatenate the script with this equality.

00:30.680 --> 00:34.120
So we will be able to use our script on a link.

00:34.320 --> 00:36.360
Very easy very simple.

00:37.040 --> 00:40.400
So in here I'm going to create that method.

00:40.680 --> 00:47.400
This time I'm going to name this test xss in link, okay.

00:49.800 --> 00:56.520
And we are going to give just the URL this time because we don't need the form okay.

00:58.040 --> 01:01.920
And we need the XSS script.

01:02.230 --> 01:05.590
So let's copy that and then paste it here.

01:06.070 --> 01:07.750
Now we have this script here.

01:08.310 --> 01:10.430
The next thing is to replace this.

01:10.470 --> 01:11.430
Okay.

01:11.470 --> 01:12.990
And very easy.

01:13.670 --> 01:15.350
And we have the URL.

01:15.350 --> 01:20.750
So the URL is going to be equal to the URL dot replace.

01:21.590 --> 01:25.550
So in replace function we can use this like this.

01:25.590 --> 01:27.030
We have a plus.

01:27.030 --> 01:33.030
And then I want to replace this with another with another equality sign.

01:33.030 --> 01:36.270
And then I want this to be itself.

01:36.270 --> 01:42.030
And then I want to concatenate that with a script.

01:42.190 --> 01:46.910
That is xss test script.

01:48.790 --> 01:51.670
Uh, it is script actually.

01:54.190 --> 01:55.870
In here the same thing.

01:57.150 --> 01:58.670
Uh oh my God.

02:00.990 --> 02:03.730
Script, Script.

02:05.010 --> 02:05.970
Okay.

02:05.970 --> 02:09.130
So now it will replace that.

02:09.130 --> 02:11.530
And then we need to create a response.

02:11.530 --> 02:15.050
So let's use a response.

02:15.050 --> 02:19.130
This response is going to be equal to self dot session.

02:19.570 --> 02:24.130
This time we are going to use get because it is not a form okay.

02:24.170 --> 02:26.170
And then we are going to give the URL.

02:26.930 --> 02:30.050
And finally we can check this okay.

02:30.090 --> 02:36.730
If this xss test script is in response dot content.

02:38.170 --> 02:48.370
Then we could return true, or we have another thing, the same thing here, okay.

02:48.410 --> 02:55.130
Or we can immediately, directly return this, because in here we are checking if you return this,

02:55.130 --> 03:00.770
if it is equal or if it is if this script exists then it will return true.

03:00.810 --> 03:05.000
If not, it will return false so that the same thing goes here.

03:05.040 --> 03:12.760
Okay, now, if I just return that and remove this, it will work better, I think.

03:14.120 --> 03:15.720
And the same thing here.

03:18.360 --> 03:23.880
Instead of if, I can return xss test script encode.

03:24.800 --> 03:25.080
So.

03:27.560 --> 03:31.240
This one the same thing because it is a string.

03:31.240 --> 03:37.040
We cannot check that with that thing, so we need to change the type.

03:37.080 --> 03:38.320
Okay.

03:38.320 --> 03:41.360
And now it is done.

03:41.360 --> 03:45.800
From here it is time to move for something else.

03:45.840 --> 03:48.400
It looks like I have some kind of error or what?

03:48.640 --> 03:50.600
Okay, that is here.

03:54.480 --> 03:55.920
Then Ctrl S to save it.

03:55.920 --> 03:57.960
And now let's come back here.

03:59.440 --> 04:02.800
And in here, you see, we, uh.

04:02.800 --> 04:10.510
I used test xss in form, but this time I want to use it on a link.

04:10.550 --> 04:11.430
Okay.

04:11.470 --> 04:15.870
And in link we don't need to give a form here at all.

04:17.190 --> 04:22.310
So I remove this and then we could print the result.

04:22.750 --> 04:25.110
And if I save this.

04:26.230 --> 04:29.030
But I'm not going to check that with this link.

04:29.070 --> 04:29.670
Okay.

04:29.710 --> 04:33.750
I'm going to change the link to this one.

04:36.670 --> 04:37.070
Okay.

04:37.830 --> 04:41.310
I'm going to copy that and then come back here.

04:43.030 --> 04:44.510
There's that link in here.

04:44.510 --> 04:46.910
You see we have an equality here in this link.

04:46.950 --> 04:47.390
Okay.

04:48.350 --> 04:51.230
So I use control s here and then move back here.

04:51.230 --> 04:53.750
Let's see if it is going to return true or not.

04:54.390 --> 04:56.110
And you see we have return.

04:56.150 --> 04:57.470
It has returned.

04:57.510 --> 04:57.870
True.

04:57.870 --> 05:05.070
But in here, if I don't print the form, it gives me the result immediately.

05:06.970 --> 05:10.290
So now you see that we only have the true keyword here.

05:11.210 --> 05:17.130
And what if I check that in another form like this one?

05:18.250 --> 05:21.610
Or if I use control z.

05:22.530 --> 05:23.810
Z.

05:23.850 --> 05:24.210
Okay.

05:24.250 --> 05:26.050
It gives me this link back.

05:26.090 --> 05:30.010
Now if I check that with this link, you see that we don't have any.

05:30.010 --> 05:30.850
Get there.

05:31.130 --> 05:34.530
So it returns false for me and it gives me the form.

05:34.530 --> 05:36.650
Looks like we also.

05:36.690 --> 05:38.250
Okay I'm printing that form back.

05:38.970 --> 05:42.250
So now you learn how you can use this okay.

05:42.290 --> 05:44.530
Very easy on a link.

05:44.530 --> 05:50.170
If the link is vulnerable, then it returns true.

05:50.210 --> 05:51.890
If not, it returns false.

05:51.890 --> 05:54.290
The same thing goes with the forms.

05:54.490 --> 05:57.650
So let's go and improve this.

05:58.330 --> 06:02.850
And that is going to be the next, the last lecture in this.

06:03.210 --> 06:07.930
In the next lecture I will improve this and I will finish this up.
