SQL Injection - Lab #10 SQL injection attack, listing the database contents on Oracle

26,603 views

Rana Khalil

In this video, we cover Lab #10 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION-based SQL injection attack on an Oracle database that retrieves the usernames and passwords of all users of the application.
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: academy.ranakh...
▬ Links ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: github.com/rkh...
Long video: • SQL Injection - Lab #1...
SQL injection Lab #9 video (previous video): • SQL Injection - Lab #9...
SQL Injection | Complete Guide (theory video): • SQL Injection | Comple...
Web Security Academy Video Release Schedule: docs.google.co...
Web Security Academy: portswigger.ne...
Rana's Twitter account: / rana__khalil

Comments: 20
@RanaKhalil101 3 years ago
Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨
@落珰 1 year ago
Interested, I will support you when I work
@TimHerbert509 1 year ago
I swear the first real bug bounty I get for sql injection I will donate some money. That trick for 'order by x-- is such a time saver!
@bellazzidavid 11 months ago
Hello, my name is David and I am writing to you from Argentina. I wanted to tell you that all the content of your channel is super useful and interesting. Also everything is very well explained. I wanted to thank you for providing your knowledge, I can imagine all the work behind that must be done to upload all this content. I am preparing for the BSCP with your videos and they are very helpful. Thank you very much for your work, Greetings!
@richkell1653 3 years ago
Hi Rana, just enrolled in your course. I was going through the Web Academy by myself however it just wasn't melding with my ageing brain ha. So am going back to the start again with your course. Why did I buy your course? 1 minute in and your very pleasant voice convinced me that I could listen to you for hours on end whilst learning :) Good luck to you Rana and thanks for the course.
@bigkaspi 2 years ago
Rana, thank you for this video. Helped me work through a box in OSCP labs and I have a much deeper knowledge of SQLi and Oracle syntax now. Much appreciated!🤘🤘🤘
@eye21021 6 months ago
10:41 can we inject [select *] query directly then manipulate the data?
@sviatoslavbaranov8585 2 years ago
Thanks for your hard work, Rana!
@abdulx01 3 years ago
Wow, awesome! Thank you Rana
@MidnightSpecter43 6 months ago
1) Is there any way in which we can combine multiple row results in one row? 2) How to get all database names or schema names in Oracle?
@watchlistsclips3196 3 years ago
Keep making videos on hackthebox one day. Ur medium hackthebox writeups are awesome.
@aungkyawminnaing7011 3 years ago
I am facing a bad request error although I added the same query. Whatever, thank you! Your explaining style and video quality are so good...
@ayushgoyal1663 3 years ago
I was also facing it, but it works. Try it more precisely, and check for gaps and that the URL encoding is proper.
@sujitakulwar2091 2 years ago
@ayushgoyal1663 I am facing a bad request error, how did you solve it?
@keromagdy1803 3 years ago
Good job, Rana
@mohdsadamainasara7396 2 years ago
Can you please make a video demo on Oracle SQLi in a POST form, not GET, and SQLi to RCE? Thank you
@amrkhaled1863 3 years ago
Thank you very much
@ayushgoyal1663 3 years ago
Can we use union with knowing the column, like ' union select * from users limit 1, in the username section? It's a pico ctf question, web gauntlet, pls answer
@mustaquemsheikh572 3 years ago
Love you sister always support you #i_stand_with_palestine