SQL Injection - Lab #4 SQL injection UNION attack, finding a column containing text

  Рет қаралды 15,341

Rana Khalil

Rana Khalil

Күн бұрын

Пікірлер: 26
@RanaKhalil101
@RanaKhalil101 3 жыл бұрын
Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨
@roastedChick3n
@roastedChick3n Жыл бұрын
For the viewers who's wondering what's the datatype used in column1 and column3. The column1 is using int datatype, I think column1 is referring to id number of the product and for column3 it's using decimal datatype which is used in prices. You could try this SQLi attack: ' UNION select 1, ''a", 1.2-- This will evaluate to true because we identified the datatypes correctly.
@nishantdalvi9470
@nishantdalvi9470 11 ай бұрын
We can UNION columns of different data types in majority of SQL databases like MySQL, SQLite etc there are only few DBMS like Microsoft access and Db2 which doesn't gives Unioned columns output because those columns have different data types so can we assume that in this lab one of these two DBMS are taken in use ?
@damianhamilton4681
@damianhamilton4681 3 жыл бұрын
Great stuff! Well organized lesson pattern as usual, and the scripting work at the end is highly appreciated.
@mostafasayed2783
@mostafasayed2783 11 ай бұрын
جزاكى الله خيرا ونفعك وزادك من فضله فى الدنيا والاخرة بأذن الله
@fusillator
@fusillator Жыл бұрын
Hi thanks for the fun videos, there's a little typo, if the lab is not already solved your code will always find the hardcoded string in the hint paragraph.. anyway a really easy fix is using the return code or searching for the error message inverting the match searching for 'Internal Server Error' not in r.text or using soup.find_all("th", string=stringa) as condition
@sid076226
@sid076226 3 жыл бұрын
super helpful tutorials Mrs. Rana.... looking forward to more portswigger lab solution videos by you!!
@hackandmove
@hackandmove 3 жыл бұрын
Rana, thank you so much for these lessons. I hope you get to more of these long versions.
@hunt3razad
@hunt3razad 3 жыл бұрын
Great tutorial thanks rana
@ДмитрийКузнецов-я4д
@ДмитрийКузнецов-я4д Жыл бұрын
This is truly gold, thanks a million
@cybersec-radar
@cybersec-radar 3 жыл бұрын
Very very helpfull.... Thanks alot
@md_daud
@md_daud 2 жыл бұрын
Script time is very exciting
@sudipdutta9349
@sudipdutta9349 3 жыл бұрын
Very detailed video.I liked ur explanation...Keep uploading such contents👍👍
@rodrigoa.cascao1553
@rodrigoa.cascao1553 Жыл бұрын
Very good class!
@fairchild9able
@fairchild9able 3 жыл бұрын
Great Job Bud ! :-)
@randriamahandryrado9800
@randriamahandryrado9800 Жыл бұрын
Hi, first thank you for this great tuto. But i don't understand why you don't have to use URL encoded in the second request when finding thé column type ?
@nishantdalvi9470
@nishantdalvi9470 11 ай бұрын
We can UNION columns of different data types in majority of SQL databases like MySQL, SQLite etc there are only few DBMS like Microsoft access and Db2 which doesn't gives Unioned columns output because those columns have different data types so can we assume that in this lab one of these two DBMS are taken in use ?
@tmeerkais7191
@tmeerkais7191 3 жыл бұрын
thank you it was helpful , but i get error everytime i try to run the program , but i guess this is not problem with the code , its just with my pc
@siemens_c65
@siemens_c65 10 ай бұрын
thanks for the video, but apparently something has changed on the site and now, even with an error of 500, there is a mention in the response body of the line that needs to be received and therefore the script says that it found the text in 1 column
@はてな-p3b
@はてな-p3b 8 ай бұрын
Hi, please refer to @fusillator 's comment. So, enter the following from line 28 if "Internal Server Error" not in res: if string.strip('\'') in res: return i Or, temporary workaround. First, set the web page to "solved". Then run the script.
@freeearning984
@freeearning984 2 жыл бұрын
thanks for tutorial
@captainnitin9627
@captainnitin9627 11 ай бұрын
In lab 4 I will get some error like an error occurred.we apologise for the inconvenience help me
@sto2779
@sto2779 Жыл бұрын
Programming this was tricky and interesting (using C code)...
@panachaiboonyoo1553
@panachaiboonyoo1553 Жыл бұрын
Great !!!!!!!
@LeslieJhe
@LeslieJhe 2 ай бұрын
I love your videos but you waste too much time going over what you did in the last video, maybe you are doing it to make your videos longer but it is indeed time wasting.
Как Ходили родители в ШКОЛУ!
0:49
Family Box
Рет қаралды 2,3 МЛН
КОНЦЕРТЫ:  2 сезон | 1 выпуск | Камызяки
46:36
ТНТ Смотри еще!
Рет қаралды 3,7 МЛН
SQL Injection | Complete Guide
1:11:53
Rana Khalil
Рет қаралды 265 М.
Discover LlamaIndex: Joint Text to SQL and Semantic Search
20:08
Learn Database Normalization - 1NF, 2NF, 3NF, 4NF, 5NF
28:34
Decomplexify
Рет қаралды 2,1 МЛН
Database Sharding and Partitioning
23:53
Arpit Bhayani
Рет қаралды 106 М.
Exploit SQL Injection to Retrieve Admin Password
9:42
TraceTheCode
Рет қаралды 8 М.
SQL Injection Tutorial For Beginners
14:54
TraceTheCode
Рет қаралды 2,2 М.
Time-Based Blind SQL Injection!
12:17
Intigriti
Рет қаралды 23 М.
Как Ходили родители в ШКОЛУ!
0:49
Family Box
Рет қаралды 2,3 МЛН