Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨

After recording the video, I realized the SQL payload can be much more simple. We don't need a CASE expression in order for it to work. The following is the alternative payload: ' || (select TO_CHAR(1/0) FROM users WHERE username='administrator' and SUBSTR(password,1,1)='a')|| '

Noticed that there were a couple people who were wondering why the solution for this lab uses concatenation: Doesn't matter what technique you use, this lab simply introduces a new technique that uses string concatenation instead of an equality check. You could just as easily do this lab using previous techniques. Eg. Instead of: '||(SELECT CASE WHEN (1=2) THEN to_char(1/0) ELSE '' END FROM dual)||' We could have: ' AND (SELECT CASE WHEN (1=2) THEN to_char(1/0) ELSE '' END FROM dual)=''-- Concatenation simply leads to a more simple solution in this case, so it is quicker to use.

Excellent video. My eWPT cert is in 4 weeks, so can't thank you enough for your videos & effort of quality educationally content you put out. Method I found I'm able to learn, regardless of it being tedious ( the method, not content ), it allows retention for those struggling with the information sticking, because this stuff is hard lol but you've done us a great service: Method: 1. Solo Attempt 2. Watch Video ( as a lecture ) 3. Re-Attempt ( still without video ) 4. Complete with Video ( side by side ) 5. 3rd Attempt (without the video )

I had hard time understanding why we still get an error while 1=1 and we have a user called administrator. Then you explained how SQL queries worked and bingo! I instantly understood! Thank you so much!!

Hi, can you please tell why did we need to use the concatenate operator in this case and why we didn't use the comment operator to ignore the apostrophe.

Great stuff Rana. I bought your course to support you! Thank you for your time on these videos...

I did the lab before this one called "Blind SQL injection with conditional responses". I didn't have to concatenate in that lab. I am not sure why concatenation was necessary in this lab. Can you explain?

Perfect, love your detailed explanations! Thank you ☺ 🙏

Thank you so much for these videos, they are easy to understand and learn!

Eagerly waited for your walkthrough

Great work, your videos are really helpful. I just didn't understand why you decided to concatenate? Is this an obvious move for Blind SQLi?

Amazing explanation of why the query for finding if the admin user exists works. Keep it up 👆 !

hi @rana Khali, I do watched your basic video, in previous video we used conditional responses and now we are using different one., can we use old method as well?

Hey, I have a question. Since in this case it's an Oracle database, not knowing the syntax, after having found the parameter vulnerable to injection and having made sure that it was vulnerable by seeing if it interpreted what was passed as a query, I passed everything to the sqlmap obviously specifying the injection point, is this a good thing in your opinion?

Salamu Alaykoum Rana how are you? what an amazing walk through you make it as it was so easy! Unbelievable skills. Thank you by the way. Do you recommend learning SQL? I don't have much SQL Knowledge. Thank you again.

Hi, Ms. Khalil. Can you help me figure out the difference between conditional response and conditional errors in SQL Injection, please? This confused me. Thanks.

i barely understood the logic of this kind of sql injection in Oracle ...but what i would like to know if there is the same trigerreing errors for sql database ?

It will be really helpful if you could make a video to get a clear idea on DOM xss

Hey Rana, Thanks for that amazing video explanation! Can you please explain how the function of 'TO_CHAR' is manifested on the query?

Underrated channel👏

Thanks for this Ms.Khalil

nice explanations , waiting for the rest of the videos also

Why cant we follow the same steps here what we follow in Blind SQLi with conditional response , because the difference of conditional error and response is that there if true we get WELCOME message else NO MESSAGE but here if true NO ERROR else ERROR. TYIA

did you just reupload this?

tks, amazing video!!

someone can explain to me why this challenge don't use this -- at the end of a sentence like other challenges

Great video. Its really refreshing listening to a female voice in pentesting videos. So much nicer on the ears :) Also your explanations are on point and simple to understand. Keep it up :)

Here's a very peculiar error- '|| (select CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM users where username = 'administrator' and LENGTH(password>100) ||-- Using comments at the end with the concatenation doesn't work. However what does work is using comments without the concatenation string: ' || (select CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM users where username = 'administrator' and LENGTH(password>100) -- Anyone know why that is?

How i'Know the Type of database ?

can someone explain me the significance of ' ' not ' please i am confused in that

Great!

08:30 i didn't understand why it doesn't work without rownum and why we used the rownum=1

Hi Rana Thanks for sharing such helpful videos but I need your help with this challenge I am using the below query to find the password length ' || (select CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM users where username = 'administrator' and LENGTH(password>1) || ' || (select CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM users where username = 'administrator' and LENGTH(password>50) || In both cases I am getting 500 response I am following the same steps which you have did in this video, can you please help me in this issue

how to exploit database MYSQL ? please give me video for exploit database mysql 🙏

it took me three days to solve this lab😅😅😅

we can perform this attack's using ffuf tool

Why are your using solutions that go more inline with what the labs are teaching. There’s no way a beginner is going to know all of these different commands you are using.