SQL Injection - Lab #8 SQLi attack, querying the database type and version on MySQL & Microsoft

Рет қаралды 51,076

Күн бұрын

In this video, we cover Lab #8 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION based SQL injection attack that queries the database type and version on Microsoft and MySQL databases.
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: academy.ranakh...
▬ Links ▬▬▬▬▬▬▬▬▬▬
Detailed Video: • SQL Injection - Lab #8...
SQL injection Lab #7 video (previous video): • SQL Injection - Lab #7...
SQL Injection | Complete Guide (theory video): • SQL Injection | Comple...
Notes.txt document: github.com/rkh...
Web Security Academy Video Release Schedule: docs.google.co...
Web Security Academy: portswigger.ne...
Rana's Twitter account: / rana__khalil

Пікірлер: 38

@RanaKhalil101 3 жыл бұрын

Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨

@haseebnujum636 3 жыл бұрын

Don't stop teaching ✨️😘

@0xRh1d0Y 3 жыл бұрын

Continue the series! love it! please next playlist must be xss 🖤

@kaydubj 3 жыл бұрын

Very thorough. I appreciate your approach.

@MrZoomPC 2 жыл бұрын

if anyone is having trouble with this is at the end if null-- or null# doesn't work try null--+ the + is a space

@shacovikflores422 2 жыл бұрын

Thank you so much! I was on this lab for hours!! Youre a life saver!

@viral_codes 2 жыл бұрын

Thank you so much !!!!

@harshas8399 2 жыл бұрын

thanks man

@rodrigop3ixot0 2 жыл бұрын

Not all heroes wear capes, thanks man

@Caboose1396 Жыл бұрын

Also, trying to type # in your browser url won't work. Replace # with %23 if you're doing this in browser url bar. For example ' ORDER by 1# would be ' ORDER by 1%23 This is due to url encoding, which can't process certain symbols, so if you're bashing your head against a wall during this exercise like I was, this might be why. Alternatively, you can achieve the space after -- in the browser url by %20, which the url will read as a space. I tested both, and both worked.

@mustang... 3 жыл бұрын

At 7:02 you can see that there is only one database that utilizes # character for comments, also: "In MySQL, the -- (double-dash) comment style requires the second dash to be followed by at least one whitespace or control character (such as a space, tab, newline, and so on)."

@MuhammadAmir-ns7hl 3 жыл бұрын

Amazing work, please continue series on other labs, Thanks in Advance

@BR45SIC 3 жыл бұрын

Супер! Большое Вам спасибо!

@Frizte Жыл бұрын

Love your lessons from Vietnam

@LinuxSploitOfficial 3 жыл бұрын

Great Content♥️

@ilovevaycay 3 жыл бұрын

Well done Rana!

@mahditabatabai9458 3 жыл бұрын

tnx rana .love u 🙏🙏

@semihozdmirr 3 жыл бұрын

Will there be other contents like XSS,SSRF etc..

@iqbalhack1013 3 жыл бұрын

Try using 'ORDER BY 2; -- - IF ORDER BY 2# ORDER BY 2-- Does not work

@jagadkresna9084 3 жыл бұрын

Try : ' ORDER BY 2%23 because url-encoding of # is %23

@commentor93 3 жыл бұрын

Thanks a lot for mentioning it. Now it worked. What is the combination ;-- - usually used for? And could you explain, why the others might not be working?

@dougarnold9337 10 ай бұрын

I tried completing the lab without Burpsuite, but found that no matter what, I could not use the information I learnt in previous labs with this lab (ie the injection payloads that worked in previous labs would not work with this lab, such as determining the number of columns). For example, if I were to manually enter the SQLi -- > ' order by 2# , etc, this would not give the same result that is in the video. Even doing the --> 'UNION SELECT 'a', 'a'# (ie EXACTLY what you wrote in your notes), does not give me any results, and just gives me an internal server error. What am I doing wrong?

@zapzapfun2421 7 ай бұрын

'+UNION+SELECT+@@version,+NULL--+

@uhh1282 Жыл бұрын

I have one question regarding this lab. So basically I was able to solve the labs before this lab in the browser only but this lab wasn't responding accordingly in the browser even if I was injecting the correct payload and worked perfectly with the Burp-Suite with the same payload. I want to know the reason behind this :)

@shreyashkashid6190 Жыл бұрын

same me too, i wanna know why, let me know if you find out

@mustafaanas5991 3 жыл бұрын

Thanks for this thorough explanation Rana! This is amazing. Quick question. I see sometimes the URL encoding of the query is way different and hard to anticipate. What does that depend on exactly? is it up to the browser to encode the text as it wants or the programmers manually encode and decode their queries? and if so, how does burp suite knows how to encode queries properly?

@zy7236 3 ай бұрын

I noticed this lab you can not do it on website, you can do it on Brup. but why? Is it because how different DB engine (MySQL) in this case handle URL encoding differently?

@mahditabatabai9458 3 жыл бұрын

rana why a single space after double dash doesnt comment but when i use tab it comments ?(in mysql )

@NethaxStark Жыл бұрын

The comment for the microsoft database also -- why you wrote the # there

@alhakay010 2 жыл бұрын

thank you , how did you know that the charracter is not -- and it's # ? it can be another charracters like ^ $ * / ....

@Ram-jx8uw 2 жыл бұрын

Typing straight into the browser doesn't work. must url encode properly. if not using burpsuite, can just google url encoder online and encode the sql command there before appending it to the url. thanks for the video!