How to avoid jail: "I`ve given myself the permission"
@elisttm4 жыл бұрын
officer i swear what i did wasnt illegal, i gave myself permission to rob him!
@georgek44164 жыл бұрын
@@elisttm ok ur free
@ajinkc10313 жыл бұрын
XDDD
@revenevan113 жыл бұрын
@@elisttm this reads like a privilege escalation exploit lol
@bxnkroll3 жыл бұрын
I'm using it
@soweliLuna6 жыл бұрын
the intro had "" and the outro ""... smart... love the attention to detail
@rixogtr6 жыл бұрын
what that means ?
@rixogtr6 жыл бұрын
oh now that makes sense :D Thanks
@andy.robinson6 жыл бұрын
Being the pedantic developer I am, it's more like XML since HTML doesn't support a tag.
@sirturnables6 жыл бұрын
What are u doing here if u don't know that?? lol
@toyotaae86truenogt-apex976 жыл бұрын
@@sirturnables learning.
@clementella7 жыл бұрын
Me: Can I SQL Injection Attack your website Me:Sure
@katherinegonzales49165 жыл бұрын
That's what he did
@kubadzejkob3325 жыл бұрын
Imagine he has schizofrenia and fires a lawsuit against himself.
@kubadzejkob3325 жыл бұрын
Or simply changes his mind.
@Shubhankar314 жыл бұрын
*Mr. Robot intesifies*
@1kennylo4 жыл бұрын
😂
@barkeeper78874 жыл бұрын
imagine not giving yourself permission to do this on your own website and then you sue yourself, win the lawsuit and then land in prison
@costafinkel4 жыл бұрын
Well, at least you would be able to win your own money. Thats more than what can be said for some married / divorced folks.
@barkeeper78874 жыл бұрын
You’re pretty damn right m8
@aviddavid87934 жыл бұрын
mmmMM the court fee and if you have 1000 iq your lawyar takes about 30%
@heeheehawhawheehee3 жыл бұрын
Then become mr robot
@imho22783 жыл бұрын
Write it off as a tax deduction.
@karldavis73923 жыл бұрын
Decades ago, my brother named his bowling team "select *". This was in the early days of computers, so there wasn't modern security. The bowling alley printed the statistics, and when his team arrived, the employee presented an entire ream of paper and demanded they choose a different name.
@bsvenss23 жыл бұрын
Hehehe... funny. It's like the first Unix systems where you couldn't have a user named "Ed".
@karldavis73923 жыл бұрын
@@bsvenss2 Would it start the editor?
@Deeeve Жыл бұрын
@@karldavis7392 it would lol
@MrDeeb88 жыл бұрын
Thank you Peter Parker
@tomascanevaro42927 жыл бұрын
He's the cool version of Peter Parker, from Spiderman 3
@ashharryman196 жыл бұрын
Underrated post
@RedditNovelties6 жыл бұрын
I thought I was the only mofo thinking he looked like Peter Parker from Spider-Man 😂
@warpman3456 жыл бұрын
Or Frodo from the lordof the rings
@DanIel-fl1vc6 жыл бұрын
FRODO!
@tommytomtomtomestini38948 жыл бұрын
Instructions unclear, NSA is outside my house.
@Drummerdude9988 жыл бұрын
😂😂😂
@baho6447 жыл бұрын
John Doe FAV hahahahaa
@adamwood17067 жыл бұрын
😂😂😂
@blackham77 жыл бұрын
WTF HOW DID YOU GET NSA OUTSIDE YOUR HOUSE OBVIOUSLY YOU UNDERSTOOD THE INSTRUCTIONS ARE YOU IN PRISON NOW?
@thatonegooze6 жыл бұрын
blackham7 wooosh
@bennyboy9688 жыл бұрын
I love how he explains things non-pretentiously. It seems a lot of people in the computing field really like to think they're better than everyone else.
@AngrySkipperGC6 жыл бұрын
Prince Benny it’s usually not their fault. Having worked with Tech Mobs for the Gold Coast commonwealth games, it’s just how IT dudes are and there is actually a job for people to take what the IT guy says and explains it to the project manager in a way that makes sense.
@morten16 жыл бұрын
Yeah he's a great teacher too
@americancitizen7486 жыл бұрын
Or with a foreign accent so heavy you can't even tell they are speaking English.
@froyorex48566 жыл бұрын
Yeah we do 😎
@MrX-nc8cm5 жыл бұрын
Yes we are
@randomuser-vs3oe5 жыл бұрын
alright youtube, this has been in my recommended for 2 years now, ill watch it, you win.
@universenerdd4 жыл бұрын
Underrated
@jamesmccabe22864 жыл бұрын
Interesting and informative, but the other guy is almost as basic as "So, what's that in front of you? Is it a computer?"
@Кира-м2у3п3 жыл бұрын
lowkey joke
@sachinfulsunge99773 жыл бұрын
You just wasted 2 years
@Кира-м2у3п3 жыл бұрын
@@sachinfulsunge9977 hahaha
@mattshnoop5 жыл бұрын
It’s crazy how different my understanding of this video is since the first time I watched it. I watched it back in high school, now I’m halfway through a university degree and have taken web development courses... Funky.
@sadimehti99344 жыл бұрын
Got Same feelings haha
@BaconTrainss3 жыл бұрын
i feel attacked
@shrimps693 жыл бұрын
Just came back after 5 years and I'm second year into IT
@travispetit24108 жыл бұрын
Imagine naming your child "LIKE'%' UNION SELECT * FROM TABLEBASE" so that when they register its name, you'll get the information on all of the country's database
@ilyasssaadi95947 жыл бұрын
Travis Petit probem is, you should rather imagine that names of people would contain else than alphabet (numbers and symbols)
@1wOOrking16 жыл бұрын
Why is PHP better then Python please?
@Minecraftsomebody6 жыл бұрын
^^^^^^^^^^
@siisihqdaa6 жыл бұрын
US government sites use Drupal which uses PHP, so US government actually uses PHP
@ithinkitsaurus6 жыл бұрын
my birth name is actually ':-- DROP DATABASE
@habiks8 жыл бұрын
..what is illegal? running sql attack or making shitty web apps? Coz my real name is "'; DROP table users; SELECT '"
@atomheartother8 жыл бұрын
Both.
@modernkennnern8 жыл бұрын
releasing the information is illegal.
@jan_harald8 жыл бұрын
attacking someone without their permission is illegal by law making shitty apps is illegal by community
@Padarom8 жыл бұрын
Making your application insecure towards attacks and putting your user's sensitive informations at risk of being stolen and released is illegal. @jan harald: What is "illegal by community" supposed to mean?
@harrisonharris69888 жыл бұрын
I wonder if you could change your legal name to that.
@SuperManitu18 жыл бұрын
The hacking videos are the best and most interesting for me as comp science student. Keep them coming!
@Ownage4lif318 жыл бұрын
Just wait until you learn MySQL and Javascript. Then you'll be able to learn some very interesting things.
@SuperManitu18 жыл бұрын
BlackenGames lol, I can program in over 20 languages, including those two. The point is not to learn them, but to learn against them. Possible weaknesses you have to remember when programming.
@Stigsnake58 жыл бұрын
>Javascript When I'm feeling like a masochist perhaps.
@SuperManitu18 жыл бұрын
Blaze I really hate Javascript, but you should try typescript. I have made my peace with javascript that way
@Ownage4lif318 жыл бұрын
SuperManitu1 Then you should be able to exploit things easily. I don't know how to program in a lot of languages. Only 2 and I know how to do some nice exploits.
@pandasworld41685 жыл бұрын
The interviewer thought the text editor was already the hacking part
@davidprice64625 жыл бұрын
I noticed his excitement as well.
@arielfenomenon92335 жыл бұрын
I loved when he nervously asked...so where are u typing that now....as if the whole world was going to blow up >^
@paulaxa14 жыл бұрын
you know he probably knows but he just asks for the content right?
@georgek44164 жыл бұрын
He knows
@andrewhennessy6204 жыл бұрын
at least he's willing to learn
@PaulBunkey Жыл бұрын
This is the best explanation of SQL injection video ever. I've recommended it to a non-technical friend and he got the info-sec job.
@zanzlanz8 жыл бұрын
This is a very well done demonstration! I liked being able to see how it worked in an actual example. Someone ran one of those scripts on my site to try to hack my database a couple years ago. The only thing it helped me realize is that I needed stronger spam protection, because it left thousands of failed injection comments on one of my pages, haha.
@ZweiSpeedruns8 жыл бұрын
That sounds more like xss than sql injection
@jarmo_kiiski8 жыл бұрын
You need some of that htmlspecialchars(), a stripslashes() and str_replace()
@empiter33598 жыл бұрын
htmlspecialchars() for the output as xss protection. in case of php & mysql it would be mysql_real_escape_string() against sql injections in quoted values. but people shouldn't think they would be save when just using these functions. someone can do an sql injection without using any control chars at all if you didn't put quotes around the variable in the query: for example "SELECT * FROM posts WHERE postId = $postId"... the value of $postId could just be "1 UNION (SELECT 1, 2, 3)-- " without any quotes. in this case you would be save with casting the variable to an int, but best practice in general is using prepared statements.
@empiter33598 жыл бұрын
meh, forgot about the ; in the example injection - but you get the point... use prepared statements / stored procedures :-)
@AchrafAlmouloudi8 жыл бұрын
No, it is a SQL injection attempt, not an XSS attack, the hacker was using the comments form as a gateway to the database, just like Michael in the video used the search box to send malicious queries. The difference is a comments form will store those requests as comments while a search box doesn't store search queries.
@AriannaEuryaleMusic7 жыл бұрын
So the best defense is to disable the "Search" box
@Ioganstone6 жыл бұрын
Only criminals need search boxes.
@saeedbaig42496 жыл бұрын
The best defence is to take down your own website, destroy your computer, isolate yourself from technology & civilisation and go live in the woods.
@ShokoCC5 жыл бұрын
No client can't hack you if you have no clients #LifeHack @@saeedbaig4249
@adamatlas11135 жыл бұрын
Nah, silly lol Just ban "UNION" from your search box...
@chadtowers85565 жыл бұрын
From memory it's possible to use your browser search bar to run an SQL query
@Wolle7047 жыл бұрын
I always struggled with some parts of this. But I finally understand how it works so I'd have to say this is probably the best explaination of SQL injections I've ever come across. Thanks
@samuelokirby4 жыл бұрын
Okay KZbin, I'll watch it. Recommending it to me for years.
@armonfrohlich63485 жыл бұрын
The whole computerphile series is just great. Much that I can only see through here, although I speak only moderately English. Your enthusiasm and your fascination for the topic leaves even a slightly boring topic to last interesting. And that with every clip.
@TheMrYakobo8 жыл бұрын
I thought I loved Scott. Then I discovered this man, the man that doesn't pronounce SQL like Sequel. He's brilliant
@denvernaicker82506 жыл бұрын
oh snap i've been pronouncing it incorrectly
@jackrogers11156 жыл бұрын
Us in the UK dont tend to prononce it sequel...
@13am226 жыл бұрын
@@jackrogers1115 Well isn't Tom Scott from the UK, though? You see, he's the one in question who tends to do so.
@jackrogers11156 жыл бұрын
@@13am22 what
@jackrogers11156 жыл бұрын
In the uk, we tend to say s q l, not sequel. Thats what i'm say. And yes hes from the uk
@antiHUMANDesigns8 жыл бұрын
I made a website many years ago, and obviously made sure SQL injection wasn't possible, and I also logged stuff, and I did see some people trying to do SQL injection on my website.
@2112121124 жыл бұрын
peas give me website address and permission to practice pen test
@antiHUMANDesigns4 жыл бұрын
@@211212112 This was well over 10 years ago. That website no longer exists.
@jmvr4 жыл бұрын
anti/HUMAN Designs :(
@JDSileo3 жыл бұрын
This is defense against the dark arts for Computer Science
@BladeGamester5 жыл бұрын
OKAY KZbin I FINALLY WATCHED IT! This video has been in my recommended for years now.
@dhananjaydj5433 жыл бұрын
I'm only halfway through the video, Its easy to understand what he is trying to say due to those practical examples in a simplified way. Its half a decade old and still best videos to watch out for on this topic.
@Lmaoboat8 жыл бұрын
This guy is by far the best on this channel. Especially with his practical examples!
@Adam923268 жыл бұрын
That's why I use prepared statements everywhere, even when I get something from my own database, and do a query on something else.
@baldeepbirak6 жыл бұрын
Useful to see as this does work on my website.
@Rosson3116 жыл бұрын
Baldeep Birak so what website you run.? Asking for a friend lol
@TeeKayMTrove6 жыл бұрын
Cheeky.
@gavbag12346 жыл бұрын
Hey now, let's none of us go Ball Deep on Baldeep.
@IAmESG6 жыл бұрын
mind if I take a look on your website?
@cosminxxx52875 жыл бұрын
@@Rosson311 but even as a joke you shouldnt try it cause when police will be at your door ,it wont hold honestly. like, i go with a knife at your house and you call police and i tell them 'oh ,its was just a joke,for fun,didn't mean to do anything'. not so sure someone will bite that even if it would be truth.so yea, don't even think to try just to see if it works.you would be the dumbest hacker in that jail yard.
@eminem25 жыл бұрын
Imagine explaining that to inmates in jail: "I... I... put the wrong text in a database on purpose". Inmates be like: "Somebody get me a restriction order, you ain't coming 5 cells away from me, what is wrong with you!"
@Jibblets4 жыл бұрын
Funny haha
@darshandani14 жыл бұрын
I learnt more from this video than my entire DBMS coursework.
@PashaSiraja8 жыл бұрын
A 2rd degree attack would be me naming my children ";--"
@PashaSiraja8 жыл бұрын
LOL I miss-typed 2 instead of 3 hahaha
@ihrbekommtmeinenrichtigennamen8 жыл бұрын
Bobby Tables would be proud of you!
@GlassCurtain8 жыл бұрын
Little Bobby Tables!! :)
@CuZoSky8 жыл бұрын
2rd ? "secord" ? :))
@ihrbekommtmeinenrichtigennamen8 жыл бұрын
CuZoSky twoerd
@Rippertear8 жыл бұрын
you gave yourself permission? is that in writing? is it notarized? who knows, maybe you'll change your mind and press charges on yourself!
@chasebrower78168 жыл бұрын
You don't go to jail if you don't get caught.
@chasebrower78168 жыл бұрын
Iceborn Gauntlet probably you.
@36nuts188 жыл бұрын
Chase Brower no, not just me. EVERYONE.
@rasheedhadi27146 жыл бұрын
Frank zapper
@malharjajoo73936 жыл бұрын
you don't go to jail if you never try to learn this stuff. * makes the meme face *.
@americancitizen7486 жыл бұрын
That's what Hillary told me.
@Towzlie5 жыл бұрын
That's why you use PDO and bind requests. Also don't forget to sanitize user input before the query
@skyone92372 жыл бұрын
I never understood SQL injection untill I watched this video...bow to you..🙇
@deejaykaye7 жыл бұрын
This guy is quality, I could listen to him all day
@VexillariusMusicEDM8 жыл бұрын
Dude this guy is crazy I love watching vids with this dude
@GetCTOwned5 жыл бұрын
Reminds me of the days when I had to 'recover' lost wordpress credentials for customers. Luckily web security has gotten much better but this is still a very valid video.
@MrSkinkarde3 жыл бұрын
Wordpress has never been secure in any way And it should never be used commercially
@abandoned75015 жыл бұрын
Quantity in stock: A D M I N
@Purely_Andy4 жыл бұрын
Product name: G E O R G E
@feliper.1504 жыл бұрын
Alternative title: Tyrell Wellick runs an SQL Injection attack.
@PongiPlaysGames4 жыл бұрын
XD
@vinkuu8 жыл бұрын
The password for user Joe is 'administrator'. ./john /vagrant/x --show ?:administrator 1 password hash cracked, 0 left
@CJBurkey8 жыл бұрын
What was the salt?
@vinkuu8 жыл бұрын
The whole hash is $1$V32.4G/.$0PKnjhXYUmYLJZZ8vEt/b/ so i guess the salt is 'V32.4G/.'. I'm not familiar with the format of md5, but in bcrypt that would be the salt.
@CJBurkey8 жыл бұрын
vinkuu So, essentially, if you get into the database, you can use the salt that is with the password to crack it by brute forcing it?
@vinkuu8 жыл бұрын
Yes correct. And that is the reason md5 is considered a bad choice of hashing algorithms to use for hashing passwords. It's very fast to brute force md5 hashes compared to eg. bcrypt with a cost setting of 15. It directly equates to cost (€) of the brute force cracking setup.
@ZombieCakeHD8 жыл бұрын
Or just type in administrator??????
@Nalopotato6 жыл бұрын
One of my accomplishments at my first job was rewriting all of our (then) inline SQL queries and stored procs in C# to implement SQL injection prevention! It was a lot of fun :) And very rewarding when I was done
@SpencerDavis20005 жыл бұрын
this was one of the most interesting videos I have seen in a while. gotta watch more now
@meptalon5 жыл бұрын
Subcription at first video :) This is the best explanation of an SQL injection that I've ever heard. Pretty sure that even non-coders would understand
@raiker024 жыл бұрын
alert("hello world"); -I'm in.
@hrnekbezucha8 жыл бұрын
Now this is art. I can totally imagine people do stuff like this cause it's fun. Like chess.
@orlagskapten98295 жыл бұрын
Juan2003gtr why are you calling him a noob?
@stylz14 жыл бұрын
Like gambling.
@DrRChandra8 жыл бұрын
user name consisting of SQL? must be Little Bobby Tables
@tiggerbiggo8 жыл бұрын
rchandraonline I know of that site, but this is a full in depth explanation as to exactly how it works.
@fluck61598 жыл бұрын
I will name my son as Little Bobby Tables
@jcfawerd7 жыл бұрын
I suddenly remember a man named "null"
@GioGziro957 жыл бұрын
Where's the "Students" table?
@CreamyRootBeer7 жыл бұрын
Oh, I love that comic. "Oh little Bobby Tables, we call him."
@Werdna123458 жыл бұрын
Would love to see a video on second order SQL injections!
@nicktech21525 жыл бұрын
WPF in C# 2010 Book on the background - Busted!
@jbyagenrok Жыл бұрын
Felt like I was listening to an SQL injection tutorial as presented by James Acaster. And loved every second of it of course
@Rougeman08 жыл бұрын
I really love how Mike stepped up his game lately. Easily one of my regulars on Computerphile, keep it up!
@dustin_echoes8 жыл бұрын
Thanks! This video explains it better than my database subject lectures.
@club65252 жыл бұрын
Just to clarify: It's not a malformed query. You're actually getting outside of the query that the website wants you to. Basically, you get to create your own little query which is pretty terrible cause then some dude can query for everyone's passwords.
@_martinedwards5 жыл бұрын
That nearly finished Rubik's cube on his desk is playing havoc with my OCD
@Sharpless23 жыл бұрын
here to remind you of that unfinished cube lol
@_martinedwards3 жыл бұрын
😭
@gonzalo46585 жыл бұрын
the first person to put the word 'an' before consonants like 's' that start with a vowel. Thank you. An 'r', people. Say AN 's', AN 'h', AN 's', etc. I know I'm not the only one.
@SpencerFcp6 жыл бұрын
I used to work for a consulting company and you'd be surprised how shitty the majority of companies are at protecting your data. Mostly smaller businesses, but even some of the large ones lack basic security measures. It was pretty eye opening.
@tomchapman1284 жыл бұрын
"Ah, I'm sure my website will be fine." *checks it* "ohno"
@emberdrops38924 жыл бұрын
actually underrated 😂
@mariadb46274 жыл бұрын
Oof 😅
@Suicidekings_4 жыл бұрын
SurprisedPikachu.jpg
@KacangNgoding3 жыл бұрын
"anyway..."
@an3ssh5 жыл бұрын
Thank you KZbin for suggesting me this video after my DBMS exam .....wouldve done great if i had watched this video
@madnessguy0101016 жыл бұрын
I had known and understood what sql injection was previously, but I had never heard of blind sql attacks and using database-specific syntax in order to obtain information on the underlying database. Very informative video
@chrisalister22976 жыл бұрын
Amazing how this was posted in 2016 and these were concerns I had to address in 1996. Filtering, stored procedures and permissions are your friend.
@raf.nogueira7 жыл бұрын
This why we should use PreparedStatements in PHP , JSP, Servlets, C# and ASP.. :)
@13am226 жыл бұрын
That wasn't alway a thing before sadly. As of today, it's the only way to go basically. :)
@philadams92548 жыл бұрын
"; DROP ALL DATABASES; --
@josephthapa58486 жыл бұрын
Thats bad
@cristalmen91046 жыл бұрын
:D
@홍현기-s1o6 жыл бұрын
OMG...
@chrisellis58606 жыл бұрын
Only if the account has been granted DROP permissions. For a site that just shows records it should only be created and given SELECT permission.
@fireboltofdeath6 жыл бұрын
+Chris Ellis Do you really think someone who isn't going to escape user input, would think about that? Because I honestly don't.
@leonhill84473 жыл бұрын
As a SQL beginner this was super helpful, thank you.
@Codetutor-DemystifyCoding3 жыл бұрын
Just perfect!!! Rather than talking about how it's done, show how it's done.
@KiraPlaysGuitar2 жыл бұрын
"It should have used that single quote as a character, not as a control structure" damn that is really interesting and cool... Please (universe) give me the determination to get through HTML/CSS/JS/SQL... It just seems so neat and handy...
@Johan-st4rv8 жыл бұрын
I got 15 years for sql injection one time absolute mad man
@zyxcalxyz20076 жыл бұрын
but did you though?
@akaashik6 жыл бұрын
I got executed for MITM attack.
@JaaoPonte6 жыл бұрын
I got a two days torture for changing the input type from password to text
@sieghart05156 жыл бұрын
I got sentenced lethal injection for typing on console
@igniscorvata95625 жыл бұрын
@@sieghart0515 I did a year and a half for getting on my teachers computer, taking a screenshot of his desktop, saving that screenshot as a jpeg then making that his desktop background... then removing his shortcuts and lowering his task bar.. so no matter how much he clicked, he got no where.
@B20C08 жыл бұрын
The most scary fact about this is that it's still an issue in 2016. I did this kind of stuff 15 years ago and back then I already thought "this is way too easy". The bad news was that there were no such things as prepared statements, so you really had to do all the work with escaping.
@combatking08 жыл бұрын
When putting together a SQL driven site, I put all text input variables through a function which filters out all potentially hostile characters and replaces them with something which cannot be interpreted as SQL code. It could also be possible to get the PHP to check for multiple attempts to submit SQL injections. One or two could be accidental, but more than that could be viewed as an attack, so I could make the PHP block all traffic from that IP for an hour, or return some decoy tables, or even a fake page warning the hacker that a virus is being uploaded to their computer, complete with a progress bar :)
@13am226 жыл бұрын
If you're still learning PHP, SQL and all that stuff and didn't already - please have a read on PDO and prepared statements. It's the "new" easy way of dealing with everything. :)
@elliotc42682 жыл бұрын
make it return what they would want to see, but the wrong information. a fake error or a fake full table
@joylox3 жыл бұрын
That program you had was literally something I had to make for a class in web development. I think it was the PHP class. Thankfully, we also have a mandatory information security course I'm in now and learning about these. We did talk about making sure quotes don't get in, which is important.
@bobbyboygaming2157 Жыл бұрын
this explanation is so far superior to the other guy's coffeeshop explanation. The visualization is very important.
@colee61335 жыл бұрын
the illegal part of this is having an unsolved cube on your desk with super easy PLL case :c
@JonSmith-cx7gr5 жыл бұрын
What was the price for the 7mm nails? I'm re-upholstering a chair currently and think 8mm would be too long. Thanks.
@FazleyRabbibd2 жыл бұрын
It’s 2022 and still a valid issue!!!
@Rhyden6 жыл бұрын
I learned more about databases in this one video than I did during a semester long class in Uni about databases.
@PlayGrum5 жыл бұрын
just started doing a Cyber Security Course at college, enjoying your videos to supplement my learning :)
@BijanIzadi3 жыл бұрын
This should be basic education at this point, I’m so pissed nobody was learning or teaching this in school
@Julian.Gilexs3 жыл бұрын
Depends on the school were you at.
@joecurran28113 жыл бұрын
Totally agree.
@srider334 жыл бұрын
15:15 "Thank you for saving us some time." - Malicious people.
@fyrchmyrddin19375 жыл бұрын
Back when I was a "code monkey" AKA programmer, I was once officially admonished by my supervisor for wasting time putting in error trapping. "If the customer wants that, they can pay for it" was what he told me... That company is still around today - I looked them up. Apparently one of their core values is "Enthusiastic, Passionate and Fun" but the fact is, crappy programming is the norm, not the exception.
@chaozkreator5 жыл бұрын
I like how the interviewer initially couldn't get around the fact that all the instructor was doing is just writing out the "code" in a text editor.
@thetooginator1533 жыл бұрын
Ha! I encrypted user names and passwords back in 1992! The encryption wasn’t very sophisticated, but the bad guys didn’t know that. I feel so validated!
@kimlau42855 жыл бұрын
Me: Going through lecture slides to past my sql exam. You: Playing black magic with sql query.
@TheLollercaster6 жыл бұрын
5:42 - this was the first time I dropped my jaw
@hendrikw41048 жыл бұрын
Fellow Sublime Text user
@CatnamedMittens8 жыл бұрын
Amazing band
@AaronHelloWorld8 жыл бұрын
take my like hahahaha
@CatnamedMittens8 жыл бұрын
I'm serious tho.
@joeabinassif75188 жыл бұрын
sublime text
@94vujke8 жыл бұрын
Atom is better
@PaulStewartArck5 жыл бұрын
I never sanitize form input. Livin' on the edge!!!
@n1c984 жыл бұрын
I love this channel, some videos I understand, and some I have no ******* idea what they are talking about. These guys are super epic and advanced. I'm an uber beginner LOL. Been learning the basics and enjoying it. Thank you for such incredible material, I really appreciate you guys, and of course, KZbin too is just simply awesome
@salatwurzel-43885 жыл бұрын
Hint: Just use incognito mode in your browser to never get caught. You're incognito when you use it so they will never find out who you are. Easy solution.
@romankrivocheev44345 жыл бұрын
Ur joking, right? :)
@salatwurzel-43885 жыл бұрын
@@romankrivocheev4434 Yes. But i saw some people in the wild who actually think that way :D
@ItsAstie5 жыл бұрын
Or just use Tor
@cameronjoseph59944 жыл бұрын
@@ItsAstie `would that work tho?
@TahsinAhmed-yj9ns4 жыл бұрын
On a serious note does using free vpn work?
@MrRolnicek8 жыл бұрын
Can you put this website somewhere out there on the internet? Because I'm SURE a lot of people watching this would love to try their own injections and have fun with it.
@bglobbi8 жыл бұрын
That would be pointless, first injection could be command to drop all tables and there would be nothing in the database and no fun for others. You can download XAMPP and create a simple database like this and do all queries like that inside web interface for PHPmyadmin on your own computer without even creating a separate website.
@sei-core8 жыл бұрын
well if he would put it up somewhere, it could be taken down pretty easily in seconds: someone drops all tables, and voila, you can't even do anything anymore. This is like putting a bottle out on the street for everyone to break, if someone breaks it at first, then noone else can do it anymore because it's already broken.
@MrRolnicek8 жыл бұрын
Yeah I realized very soon after posting that comment that it would have to be "refreshed" very often or just done so that it doesn't break for everyone and basically would be a pain in the ass to do.
@sei-core8 жыл бұрын
Actually you can write your own script to do it. It's really just basic coding.
@Schindlabua8 жыл бұрын
Check out hackthissite.org, they have some easy and some hard websites for you to hack into!
@abbasssharara23935 жыл бұрын
this is weak attack it can simply prevented by escaping chars or by creating sql stored procedures if you know how to use them.
@Jaydon055 жыл бұрын
Abbass: you'r right! That cross my mind too! :)
@matlilly87956 жыл бұрын
At one point, I created and maintained a server. You have to know how to crack your own system to know how to defend it. I launched campaigns against my server on a somewhat regular basis. Great explanation.
@keeperkai9996 жыл бұрын
that's why you use frameworks that do sql injection prevention for you, or simply just escape the input you throw to your database.
@MrMichaeledavis835 жыл бұрын
As a learning web developer that uses php and sql all the time, this is pretty creepy. Luckily I learned to sanitize my queries early on, but I need to learn more about how hackers might attack a website.
@harrisonharris69888 жыл бұрын
+Computerphile could you do a video on hashing/breaking hashes?
@michaelpound98918 жыл бұрын
Coming soon - using a 4x Titan X GPU server ;)
@jimkennedy45098 жыл бұрын
Usually you need to find out what type of hash they use. Then you could try a dictionary attack. Have a program try each word until the hashed value = the one you got.
@Chomboidas8 жыл бұрын
md5 :)
@4pThorpy8 жыл бұрын
I think you're misunderstanding what salting does, you can reverse lookup a hash by having a list of hashed common words/used passwords, lists of billions upon billions of possible passwords...what salting does is change each hash with a "salt". So having two of the same passwords would produce two different hashes, thus making reverse lookup a less likely decryption method.
@billy6538 жыл бұрын
Is this the actual Michael from the video. If it is I'm happy you're reading the comments. These videos have been quite refreshing on computerphile.
@jongeduard3 жыл бұрын
Yep, this is what we have SQL parameter solutions for, in many programming languages. To prevent that trouble.
@Salmontres2 жыл бұрын
I never knew Elijah Wood was so knowledgeable!
@christophernetherton93898 жыл бұрын
Insightful..Thank you for taking the time to go through it..Not a database guy but found it very interesting.
@deinemamainhd8 жыл бұрын
prepared statements ftw
@satviknema86295 жыл бұрын
"Iam doing this on my own website. So Iam giving myself premission". LMAFAOO
@stylz14 жыл бұрын
per
@Sharpless23 жыл бұрын
yeah it may seem like a joke but in reality breaking into your own house can land you in jail.
@satviknema86293 жыл бұрын
@@Sharpless2 wait wtf
@stefanjud63456 жыл бұрын
-> Dual is in fact an existing table, with just one column and row. The column is called dummy, while the content is just X. -> The INFORMATION_SCHEMA tables are shared with many other rdbms systems, to have a common schema for handing out information about the database.
@jamesoxford42605 жыл бұрын
Besides proper handling of user inputed text, SQL user and table permissions on the backend would help. For example, not querying with an account that has access to information_schema
@mericet395 жыл бұрын
Interesting and informative, but the other guy is almost as basic as "So, what's that in front of you? Is it a computer?"
@costafinkel4 жыл бұрын
Whats that, a text editor? And the letters that you type on this key device appears on it ? Fantastic !
@mbarekzacri49733 жыл бұрын
Maybe the best thing to do is to ignore the comment. Though, more better way of dealing with it is , maybe, to thank that "basic" guy for the work he is doing.
@R0bot43 жыл бұрын
@@mbarekzacri4973 he could do better thats what the comments wants to say
@almostcertainlynotapotato65283 жыл бұрын
Are you talking about Tom Scott?
@alokbaluni87603 жыл бұрын
He asked it for the audience. He run this channel. Obviously he would know about Sublime text.