Find and Exploit NoSQL Injection

Рет қаралды 17,456

The Cyber Mentor

Күн бұрын

Пікірлер: 27

@fedfinancial Жыл бұрын

Fantastic instructor, clear and to the point!

@roruphotography Жыл бұрын

I love this video so much! Simple and clear instructions! So easy to follow for someone like me just starting to dabble into the SQL world!

@hackvlix Жыл бұрын

and not artificially inflated to 30 minutes 😉

@Mohamad_El_Jammal Жыл бұрын

I did use the same method and payload in stocker htb today lol great job

@chibikoto Жыл бұрын

I could listen to an audible by Alex any day.

@djemel366 Жыл бұрын

Me too for real.

@xinhuang0 Жыл бұрын

Now I know how to inject. Thank you Alex!

@youcef2851 Жыл бұрын

thank you sir , i Wonderd if is it possible to make the video longer and cover two or more subjects , we are always ready for more really

@denisvoroshilov2682 3 ай бұрын

Excellent! Incredible!

@nickg.7275 Жыл бұрын

Nice videos. I like this "short video" format.

@NiyaDarlin Жыл бұрын

Thank you 🎉

@h1dz257 Жыл бұрын

Increase you mic volume, my speakers are almost at max.

@karthiklingala5673 Жыл бұрын

Please make a video on IDOR vulnerability

@norsalam9302 Жыл бұрын

Thank you

@matthewclark7911 Жыл бұрын

Good video

@felixhar6782 Жыл бұрын

Hey Heath Adams, I am looking forward to buy your courses because I want to become a very good Ethical Hacker. In your Video "How to become an Ethical Hacker: Edition 2023" you said, that you need to know the basics. What should I need to learn before starting your course? Or can I start your course with 0% of knowledge. I never have worked in any IT filed. How can I learn the basics from you? Kind regards

@ZenMaster332 Жыл бұрын

Best!

@danishazizkhan6099 Жыл бұрын

Teach me i am Hungary

@bymartin29597 Жыл бұрын

Hello, nice video. This only works if the password not encrypted? Since if you ask for the user and the query grabs the encrypted password it should try to encrypt it "again" in order to check if it is valid right?

@wer_gumizz1012 Жыл бұрын

How do you protect the application against this attack ?

@LuminousWhispers11 Жыл бұрын

I haven't seen this type of injection (SQL Injections are more common), but the recurring theme when it comes to injection attacks is input validation.

@albertobarbieri8280 Жыл бұрын

I'm practicing nosql injection to solve some HTB CTF but I don't undestand why you converted it into JSON. Can you explain me this? On the Internet I see that converting can help abusing Nosql injection. But why? thanks :D

@angeleeh Жыл бұрын

I think its because mongodb uses json and stores everything as key value pairs, just like json

@hammadalvi5705 Жыл бұрын

Hi. I need Realistic and Practical advice. U seem pro. Love your videos. I'm 32, I modifying OS Win & Android, tweaks etc. E.g after trying for 4 days, I created a tweak to Disappear (PowerOffMenu) from my phone's LockScreen, without rooting it. (Telling you this so you know, I'm not hacker but I know how to use computer lol) I know AutoHotKey n few dos & Linux commands. Basically, I'm ZERO at real hacking. So, What should I do first? (A) Get used to Kali? (B) Learn Python? (C) Java? Where should I start so I can see some results also.

@fathersoftweakersfazerfrea7315 Жыл бұрын

Start with the basics. Also depends if you want to do web apps, I would suggest to focus on the following first: html,javascript, cookies, json, databases (sql and nosql),networking (basic networking, different types of requests like post/get etc). Linux commandline (grep,awk,curl etc) Get used to a proxy like burp or zap to intercept requests. Python and Bash scripting next. Then watch a good methodology, i would recommend Jason Haddix his video's to get a proper workflow 😉 After that get ready to deepdive in whatever area you are most interrested in and get really good at that, after that you can diversify.