SQL Injections are scary!! (hacking tutorial for beginners)

Рет қаралды 1,395,412

Күн бұрын

Is your password for sale on the Dark Web? Find out now with Dashlane: www.dashlane.com/networkchuck50 (Use code networkchuck50 to get 50% off)
In this video, we’re learning one of the oldest, yet most dangerous Hacking Techniques out there, SQL Injection. Despite SQL Injections being over 20 years old, they still rank number 3 on the OWASP Top 10 List….why? Even fortune 500 companies are still vulnerable to these attacks!! So, in this video, NetworkChuck will show you how to run an SQL Injection attack. Running a basic SQL Injection attack is pretty easy but will often become more complex with trickier targets.
Stuff from the Video
---------------------------------------------------
TARGET SITE (Altoro Mutual): demo.testfire.net/index.jsp
MORE practice: play.picoctf.org/practice/cha...
How to protect against SQL Injection attacks: www.crowdstrike.com/cybersecu...
🔥🔥Join Hackwell Academy: ntck.co/NCAcademy
**Sponsored by Dashlane
SUPPORT NETWORKCHUCK
---------------------------------------------------
➡️NetworkChuck membership: ntck.co/Premium
☕☕ COFFEE and MERCH: ntck.co/coffee
Check out my new channel: ntck.co/ncclips
🆘🆘NEED HELP?? Join the Discord Server: / discord
STUDY WITH ME on Twitch: bit.ly/nc_twitch
READY TO LEARN??
---------------------------------------------------
-Learn Python: bit.ly/3rzZjzz
-Get your CCNA: bit.ly/nc-ccna
FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: / networkchuck
Twitter: / networkchuck
Facebook: / networkchuck
Join the Discord server: bit.ly/nc-discord
0:00 ⏩ Intro
0:39 ⏩ Sponsor - Dashlane
1:43 ⏩ How Websites work with Databases
2:08 ⏩ What is a SQL Injection??
2:51 ⏩ Strings in SQL Queries
3:25 ⏩ Is a website vulnerable to SQL Injection?
4:14 ⏩ SQL Query Logic
4:45 ⏩ the OR SQL Injection Payload
7:13 ⏩ the COMMENT SQL Injection Payload
8:42 ⏩ how to protect against SQL Injections
AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: geni.us/L6wyIUj
Amazon Affiliate Store: www.amazon.com/shop/networkchuck
Buy a Raspberry Pi: geni.us/aBeqAL
Do you want to know how I draw on the screen?? Go to ntck.co/EpicPen and use code NetworkChuck to get 20% off!!
#sqlinjection #owasptop10 #sqli

Пікірлер: 2 200

@NetworkChuck Жыл бұрын

Is your password for sale on the Dark Web? Find out now with Dashlane: www.dashlane.com/networkchuck50 (Use code networkchuck50 to get 50% off) Stuff from the Video ------------------------------------------------- TARGET SITE (Altoro Mutual): demo.testfire.net/index.jsp MORE practice: play.picoctf.org/practice/cha... How to protect against SQL Injection attacks: www.crowdstrike.com/cybersecu... 🔥🔥Join Hackwell Academy: ntck.co/NCAcademy 0:00 ⏩ Intro 0:39 ⏩ Sponsor - Dashlane 1:43 ⏩ How Websites work with Databases 2:08 ⏩ What is a SQL Injection?? 2:51 ⏩ Strings in SQL Queries 3:25 ⏩ Is a website vulnerable to SQL Injection? 4:14 ⏩ SQL Query Logic 4:45 ⏩ the OR SQL Injection Payload 7:13 ⏩ the COMMENT SQL Injection Payload 8:42 ⏩ how to protect against SQL Injections

@notthatbad8844 Жыл бұрын

Cool

@saikota27 Жыл бұрын

admin' OR '1' = '1 IM IN👿

@xeonzero1 Жыл бұрын

that's spam

@notthatbad8844 Жыл бұрын

@@saikota27 lol

@ShaneWelcher Жыл бұрын

Logged into your test website with ease after watching this video. I am going to use this video has a best practice for how to program better to limit possible attacks that are this simple. I used: admin'-- Password123 You have to enter in a password even if it is wrong...that is part of the form.

@shepherdmhlanga1659 Жыл бұрын

I know the website was made vulnarable on purpose but I feel like a legend right now 😂

@NetworkChuck Жыл бұрын

Same.

@Jordan-vz7kt Жыл бұрын

@@NetworkChuck I did it. This is so cool. How do you do this with other websites that isn't vulnerable.

@hardscope7744 Жыл бұрын

@@Jordan-vz7kt he won’t tell you that it’s not legal bro

@hardscope7744 Жыл бұрын

@@Jordan-vz7kt he won’t tell you that it’s not legal bro

@scott32714keiser Жыл бұрын

Still fun

@nFire Жыл бұрын

As a computer science engineer I really thank you for your work here on youtube. Your ability to make people understand cyber security is unique, passionate and wonderful. Thank you from the bottom of my heart. - An 🇮🇹 engineer

@lleonix Жыл бұрын

yee ciao dani!! ingegnere di fiducia

@antonioroldi451 Жыл бұрын

Ma guarda chi si vede

@MK-D-O Жыл бұрын

Nope, not "an it engineer", just say nFire, it's self explanatory! (btw you should talk about it too)

@MK-D-O Жыл бұрын

@@antonioroldi451 proprio quello che ho pensato

@ekieinvento4871 Жыл бұрын

Hello sir. Can you hack my gmail acc? I forgot the password. The number is not available also.

@autrypickens1736 Жыл бұрын

When I started watching your videos I was a security guard making about $13/hr. Last year I became the lead help desk tech at my community hospital and made over $60k. I only have some community college credits and the A+ cert. IT has changed my life!! I highly recommend this field. Now I'm working on the Sec+ and getting ready for Tier 2 opportunities. Thank you for the inspiration over the years! cheers ☕

@sanicspeed1672 3 ай бұрын

How much did you make per year when you worked 13/hr?

@tempoclasse2907 2 ай бұрын

I can't tell if this is a automated bot response you would find under chucks videos or someone Givin their real life testament.

@Anifix123 Ай бұрын

Bro I wud have made $112 , 220 if u got $13/hr u clearly scammed urself or u meant to say $13/day

@guyfromhesse-hannau6625 Ай бұрын

@@Anifix123 One man can't possibly keep guard 24/7 for an entire year can he?

@TimeForTechAarush Ай бұрын

A true legend

@methanesulfonic Жыл бұрын

That visual on the sql query REALLY helped me understand these concept. I cant thank you enough for this

@GilesMurphy Жыл бұрын

As usual, your videos are insightful and accurate. I have always struggled to explain this to people, but now I will just send them to your video. I was able to log in to your target sight by the way.

@VictorSamson-ds8xy 6 ай бұрын

One of the reasons I love this guy's work. Explains everything so well and still gives us a site to practice on

@ChrisRid 11 ай бұрын

I loved that demo, what an awesome idea and a great way for people to get involved and try things out in a safe and responsible way. Made me smile :)

@TwilightWolf285 Жыл бұрын

For the bonus question, it is possible to login without knowing the username by using the following input: ' or 1=1-- This query returns the first user in the database as validation for the username field, because 1 does in fact equal 1, while ignoring the request for a password due to the comment at the end.

@ThisGuy.... Жыл бұрын

is this because the 1 in the query without '' references position in table instead of String? tried it with the '' but wouldnt work...

@keeganhenderson24 Жыл бұрын

What if the site doesn’t allow you to enter special characters like “ ‘ =

@grantcapel9884 Жыл бұрын

@@keeganhenderson24 then they are safe against this sql injection. Most sites are, but if you find a crappy self-coded one, you may be able to get in

@ibockie9633 Жыл бұрын

@@keeganhenderson24 thats why most sites dont allow u to bc of that reason

@developer_hadi Жыл бұрын

@@keeganhenderson24 If they don't allow that on the serverside then they're safe, but if they don't allow that only on the frontend and they're using something like node js, you can get the url of the endpoint they are sending the request to, and then you send a request to that url and tadaaaa 🎉

@jiminietimber Жыл бұрын

We just covered this in class. This was explained SO WELL.

@zaccampa4055 Жыл бұрын

He does explain it way better than most professors for sure.

@sourabhsingh5051 Жыл бұрын

Hey buddy I want to learn hacking Which class Plzz enlighten me

@vaniad555 Жыл бұрын

@@sourabhsingh5051 hackthebox

@tommyshelby6277 11 ай бұрын

@@sourabhsingh5051 get a computer science degree bro, it covers it all

@sourabhsingh5051 11 ай бұрын

@@tommyshelby6277 to bad I'm in med school

@stemgerlamo599 Жыл бұрын

Chuck you are killing it, thanks for sharing and we really appreciate the way you helping

@ra4okdev29 Жыл бұрын

This video was such a cool one, man! You explained all of this stuff SO WELL

@tiqo8549 Жыл бұрын

I've built a ton of login systems with php/sql. I had to learn the hard way that it was not so easy. You explained it in a way that just take 10 minutes of a starting backend programmer to review his code. There are plenty of ways to prevent this all from happening..you just have to know where to start. Thank you for the explanation!

@sukyamum1117 10 ай бұрын

*hacker sniper50 official page* *I have noticed how punctual you’ve lately keep up the good work* 🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸

@ancestrall794 Жыл бұрын

It's really nice that you offer a lab for people to practise, it really feels rewarding to achieve it even if this is just the basics of SQL injections, it's satisfying (+ apparently the website told me I received 80000$ so i'm pretty confortable right now)

@TimberWolfCLT Жыл бұрын

I love the way that you explained this. I'm retired now but was a software engineer and was always getting the "deer in the headlights" look from other developers when I'd warn about SQL injection.

@modables Жыл бұрын

stop working with deer first of all

@jonahhorstmann 11 ай бұрын

One of the things that I use when coding an OS login system, is having the client send the Username and Password string to a server, and having the server lookup the Username string's ID and then going into a datastore with the key of the UsernameID and pairing it with the password string stored. This prevents attacks because it doesn't use Usernames to get the password pair, it has to lookup the string and find an ID in order for it to find a pair.

@weaver4usmc Жыл бұрын

Thank you so much for the content that you put out, you have launched me into a passion for cybersecurity. All of your videos are helping the community out in a positive way.

@cyberdevil657 Жыл бұрын

I love all of these videos!

@stevecochrane9531 9 ай бұрын

Thx! As a programmer, I usually escape quotes and other characters. Essentially, when a user adds a quote, in the username or password field, it is removed before the query is run. Using NoSQL databases can help prevent SQL injections, too.

@TheJeromemarkwick 3 ай бұрын

Fantastic and entertaining demonstration of how SQL Injection works. This can be very difficult to understand, but you have made it very easy. I love your videos. Keep up the good work!

@lazoblazo Жыл бұрын

literally what i asked for. thanks chuck. you are good youtuber btw

@lilybohr Жыл бұрын

As a computer science student all of your videos have been really helpful. But this one came just at the right time cause im doing a database class right now and learning about SQL.

@sebastian.-.5043 Жыл бұрын

Me too broski

@nagato6819 Жыл бұрын

I think you don't need to worry too much about that. I think these problems were detected before 2004 because in 2004 the prepared statements showed up. after that, from version 5.3.0 executing multiple queries in a single statement was disallowed by default and gave you an error.

@sukyamum1117 10 ай бұрын

*hacker sniper50 official page* *I have noticed how punctual you’ve lately keep up the good work* 🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸

@BrennerEraFan Жыл бұрын

The intro is amazing!!! I like how Chuck turns his head and the anonymous mask just stares into the camera :)!!!

@lecontaminent6012 Жыл бұрын

Tbh this guy's the most effective and chill teacher I've ever had definitely subbed

@shubhampatel6908 Жыл бұрын

Thanks for another amazing video Chuck. By the way I found, Altoro-mutual is also vulnerable for a cross-site scripting attack(XSS), probably you can make next video about it 😁

@hawanyamomahmath1489 Жыл бұрын

how exactly did you do the xss attack?

@shubhampatel6908 Жыл бұрын

@@hawanyamomahmath1489 inject HTML in any form

@thekeyboardwarrior1018 11 ай бұрын

@@shubhampatel6908 so, if I add HTML code that gets every user into the inputs does it work?

@shubhampatel6908 11 ай бұрын

@@thekeyboardwarrior1018 I didn't understand your query clearly, can you elaborate pls

@thekeyboardwarrior1018 11 ай бұрын

@@shubhampatel6908 I meant if I put in html code that returns all user accounts and their passwords will it work? Or do I have to make it a web request

@AC-pr2si Жыл бұрын

Chuck You are a great teacher.Thank you man.I hope that you will make more videos like this one in the future

@damonphagan5924 Жыл бұрын

Got it first try!! Thanks for the awesome work you do on here! I've been soaking up knowledge from your videos all day and have learned so much!

@bob-nz6wj Жыл бұрын

What did you use?

@nandalswanz 4 ай бұрын

im a total noob at any programming, but found it really easy to get into js and html, css etc. all this hacking stuff is so foreign to me so i really appreciate the breakdown you give in your vids!! i done the login thingy, so satisfying getting in LOL !

@jcbenge08 Жыл бұрын

OK SQL Injection attacks have eluded my understanding for so long, but the way you explained it in this video made SO MUCH SENSE and I was able to crack into that site on the 2nd try!!!! You are awesome Chuck, thank you for what you do!!!

@qasimalishahvlog Жыл бұрын

Can you help me?

@justtavi1238 Жыл бұрын

@@qasimalishahvlog username: admin'-- password: anything

@sukyamum1117 10 ай бұрын

*hacker sniper50 official page* *I have noticed how punctual you’ve lately keep up the good work* 🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸

@CoronaBorealis02 Жыл бұрын

just started a bachelors degree in computer networking thanks to you, keep up the great videos

@aryandeshpande1241 Жыл бұрын

Good luck with thag

@ricardosarapura9479 Жыл бұрын

So cute… but you never try be a developer?

@budstar9288 Жыл бұрын

Awesome demonstration! Pivoting into IT right now and can't wait to learn more stuff like this

@tmak4699 Жыл бұрын

ive watched a lot of your videos..this one got my attention..i dont care that the method is old...but now i see the power

@mrmovas Жыл бұрын

I really found this video very interesting! It would be awesome if you could make more videos about SQL injections because it helps us know all the cases where we need to secure our queries.

@Shaggidelic69 Жыл бұрын

what do you do if you don't know the sites username???

@joshuab113 Жыл бұрын

Does the websites see that they got SQL injected?

@sukyamum1117 10 ай бұрын

*hacker sniper50 official page* *I have noticed how punctual you’ve lately keep up the good work* 🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸

@In-ShaMbLeS Жыл бұрын

oh man I remember doing this back in elementary school way bad when everything was vulnerable to SQLi. this took me back as that exact query was what I used but mine had a bit added at the start 😉

@jasonboard5504 Жыл бұрын

First try, Now to check all of my internal servers and sites, but first I have to refill my coffee. Thanks for always making great videos!!

@lucascecconi258 3 ай бұрын

THANK YOU!! i was seeing a loyt of videos explaining how to avoid sql injection but not one explaining how to actually inject it (which is important to know how to avoid it). thanks a lot for the great explanation

@ElectroZ60 3 ай бұрын

I BROKE INTO THE WEBSITE IN LITERALLY 2 SECONDS

@saifullahiahmedshuaibu3741 Жыл бұрын

The way you explain IT stuff is breathtaking

@FallenxEmersed Ай бұрын

I was able to do both the OR and Comment payloads. Love your explanations and demo! Rock on. Sub'd! -8 years in Cybersec

@angryace5848 12 күн бұрын

Hi Chuck, just wanted you to know Cybersec was my most hated subject in college and you just made me like it

@marienitz567 Жыл бұрын

I'm currently in school for cybersecurity and I appreciate your videos so much! You are such an amazing teacher! Thank you!

@jenkinspcrepair Жыл бұрын

I was able to login as admin with the double dash technique. I had to create php/sql login scripts before trying to prevent injection hacks and this just gave a fantastic overview of the actual problem. Thanks Chuck great job 👍

@BusinessWolf1 Жыл бұрын

isn't it just a case of using template string for input?

@Shaggidelic69 Жыл бұрын

what do you do if you don't know the sites username???

@sukyamum1117 10 ай бұрын

*hacker sniper50 official page* *I have noticed how punctual you’ve lately keep up the good work* 🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸

@mordecai7030 6 ай бұрын

How??

@isaacjames4114 4 ай бұрын

i learnt all about Sql injection years ago but this video today made the penny drop and i got into that website really easy, you explained in such a way that is so easy to understand. thank you so much network chuck

@daviad9832 8 ай бұрын

it was fun, thanks. Been going through a bunch of security bugs at work. It's cool to see the stories I am going through are very justifiable.

@SDogo Жыл бұрын

Something that makes my gears spin is... why when someone speaks of sql injections, nobody ever mention that you can even create files in the host (server) with a malicious query.

@joost00719 Жыл бұрын

Or if your db is badly configured, gain control of a shell.

@wolfrevokcats7890 Жыл бұрын

Please, I would love to see more complex SQL injection techniques Chuck. Did I tell you[re a very good teacher? Kudos Network Chuck`

@theplant4046 Жыл бұрын

If you like SQL injection but you too lazy to memorize over 100 type of injection codes (there is alot of injections because there is alot of type SQL languages example MySQL/postgreSQL/LiteSQL/etc) just learn how to use *SQL map* tool built-in Kali Linux and Parrotsec OS If you don't know SQL map will brute force every SQL code

@ranglyscosta4067 Жыл бұрын

@@theplant4046 voce poderia me ajudar, estou um duvida

@Tudor8041 Жыл бұрын

Awesome information and awesome editing aswell. Thank you!

@gajdharsaif9521 9 ай бұрын

Bro. You are just crazy. I didn't see any tutorials on entire internet like you made.

@AbhinusWonderWorld Жыл бұрын

Super video Chuck Your videos are awesome and informative

@brianreacts8792 Жыл бұрын

@Steve Wallis BOT ⬆⬆⬆

@asanjeevak Жыл бұрын

Loved the way of your explanation. Never show an exception message on the UI that will help the user to guess next steps. Rest of all the precautions must be taken care.

@tradde11 Жыл бұрын

Good things to do is validate the input string going back to the server before it's sent. Always validate the input data going back BEFORE sending it.

@Shaggidelic69 Жыл бұрын

what do you do if you don't know the sites username???

@sukyamum1117 10 ай бұрын

*hacker sniper50 official page* *I have noticed how punctual you’ve lately keep up the good work* 🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸

@someonespotatohmm9513 7 ай бұрын

@@tradde11 How do you check things before sending it?

@tradde11 7 ай бұрын

@@someonespotatohmm9513 You don't. The web page (HTML or whatever) should do this in it's validation routine before sending the request. Make sure fields not blank or don't contain characters that should not be there. Stuff like that. Like a phone number is numbers and maybe dashes. It should not contain letters or special characters (example).

@handulewauka6977 Жыл бұрын

That's why it needs a validation function on the field input to check whether it contains certain operators or not

@morosis82 Жыл бұрын

The reason this type of exploit works so well is because people who think they basically get a computer program to craft an SQL string like they might in an editor exist. In a secure system there are a bunch of ways to protect against this, the two most common being parameterized queries, and using a function that escapes these chars so they can't be used to subvert the original query (basically turning them back into a plain string between the original quotes - there's a term for this but my brain isn't currently working). The other easy way would be to split the query, so you get by username then check the value that comes back in code. It should include a secure password using a one way encryption algorithm, so you'd encrypt the password from the user the same way and compare the result. In this way doesn't matter what you put as it gets encrypted. You still need to be careful but those will make it pretty hard to inject anything useful. Of course, you should also never ever send an error to the user that came from the DBMS. All of those errors in the example should have been masked with "something went wrong, please contact support" or the like.

@BootedTech Жыл бұрын

Great lesson to never allow SQL special characters as a usernames or password or in any other security input forms. Most website/database devs should encrypt the username and password, so hacking like this is not possible, which is how it should be, no clear text.

@Shaggidelic69 Жыл бұрын

what do you do if you don't know the sites username???

@movieshorts1177 10 ай бұрын

thats why sanitising the code is a must before using the values in a query. Using csrf token , parameterized queries and prepare statements would be prevent a basic and mediocre level attack

@VertyDaGenius Жыл бұрын

u make it seem super easy and explain it so well! ur the best!

@WithASideOfFries Жыл бұрын

Best explanation I've ever seen. So engaging and informative.

@geetheshbhat Жыл бұрын

Great video. Those who are wondering if this can be done on any website, then no. Most companies use ORM or SQL templates to execute SQL commands. Today most libraries and frameworks are developed keeping SQL injection in mind. For ex React, Angular, Spring Boot it won't work (as of now). Lastly, even if you succeed, there are honeypots placed.

@trixypirate6352 Жыл бұрын

Yeah! Just like WEP can be easily hacked today, but isn't used anymore precisely because of it. Hacks have an expiration date, but old hacks can teach us a lot about how to hack generally, enabling us to hack the WEPs of our day and time.

@TubbyFatfrick Жыл бұрын

This taught me more than my HS Cybersecurity class. Bravo

@ManiSeroa925 Жыл бұрын

You're the best dude, you make codeing fun again. - An Solutions Engineer

@seancrowley5716 Жыл бұрын

fantastic video! I'm a bit confused by what is happening to the single quote. Shouldn't the username of admin' OR '1' = '1' cause a syntax error as SQL would still see username = 'admin' ' (with two closing single quotes)?

@sh2870 Жыл бұрын

Actually No it won't, cause second closing quote is sifted at the end of username (here admin' Or '1' = '1_) You see where I'm putting underscore we need an single quote but we are not writing it in username cause the extra closing quote you mentioned will automatically work for it.

@codebul Жыл бұрын

Love You Chuck . You're the best .

@dersor3786 6 ай бұрын

the way you explain stuff is just magic I can say no more than you are gifted in teaching people

@HTMangaka Жыл бұрын

Thank you for making people aware of this obvious and very basic security hole with simple SQL systems. Maybe now more people will become aware of the glory that is bithashing. ^^

@wishIKnewHowToLove 10 ай бұрын

I tried this on one site and even though it didn't work, the site totally started malfunctioning

@minecraftify95 Жыл бұрын

A moment of silence to the chemists that thought SQL was a chemical substance

@harrierhawk2252 Жыл бұрын

lol

@Lil_frzy Жыл бұрын

i used to be like you

@minecraftify95 Жыл бұрын

@@Lil_frzy It didn't happen to me lol, I know SQL is query language

@Lil_frzy Жыл бұрын

@@minecraftify95 still i think its funny

@arcsaber1127 Жыл бұрын

I mean it is, you see at the start of the video that it can be injected into a person

@bryanbook6487 5 ай бұрын

Struggled to understand this concept till now, thank you!!!!

@unixweb_info 7 ай бұрын

Brother, great presentation of information for understanding. I'll take it for experience. 👍

@GGBeyond Жыл бұрын

I've been using prepared statements and stored procedures on my websites for over a decade. It's really surprising that SQL injections are still a problem considering how easy it is to be 100% immune to it. I watched this video to see if there was anything new that was introduced over the years, but nope it's still the same old stuff. Thanks for the video!

@orlandothemaker-vp9xu Жыл бұрын

The (--) comment query logged me in successfully!¡😂😂☝️😂😂😂😂

@GGBeyond Жыл бұрын

@@orlandothemaker-vp9xu Press X to doubt

@Shaggidelic69 Жыл бұрын

what do you do if you don't know the sites username???

@GGBeyond Жыл бұрын

@@Shaggidelic69 I would do nothing because it's not my problem.

@Shaggidelic69 Жыл бұрын

@@GGBeyond didn't say it was

@oswith972 Жыл бұрын

I vividly remember being in CS class years ago and long story short a buddy and I were storing a field into a table as is from user input without any sanitization, and the teacher started banging the table yelling NO, NO, NO! and then taught everyone about SQL injections and I remember it years later

@basharzain216 11 ай бұрын

Because of this video I was able to stop a huge vulnerability in my app. ❤ Thank you

@Guilhem34 Жыл бұрын

Often only ID is used in the query and password is compared in server aide using time resistant functions.

@jukenox Жыл бұрын

this is most likely exactly why websites don’t let you use special characters in your username.

@mmar5896 9 күн бұрын

I logged in with admin'--. Thanks for the teaching, now I know what is sql injection clearly

@markvincentlaboy8858 19 күн бұрын

Thanks for the practice, I just hacked the Altoro site using the admin' - -. I'm currently a student of Software Development and my cohorts and I are now learning some basic cybersecurity practices. Been following your channel for a few years now. I had a friend recommend me to your channel a long time ago. I remember the first video of yours I saw was an intro to python if my memory serves me right. Funny thing is after our mini cybersecurity course, next up for my class and I to learn is python. Thanks for the content and I'm happy for you and your channel!

@SeekingAjar 18 күн бұрын

I’m really struggling to get in. Probably making a silly mistake but please let me know how you got it to work (inc. the password)

@comedyclub333 Жыл бұрын

Signing in without a username is pretty easy, just leave the username empty as it validates to an empty string and the whole expression would take the first user anyway. Usually the first entry in the database is the admin user (you need a admin user first to set everything up), so it will just take the first user and log that in. One way to make your application more secure for that reason is to create an empty dummy user first without any permissions (in addition to preventing SQL injections by using an ORM of course). SPOILER BELOW The solution for the Altoro website is to input ' OR 1=1 -- as the username and some gibberish as the password (to deal with the password's input sanitization) If the password is needed (like for the Gold VISA application) it's just '--

@amoldhamale3202 Жыл бұрын

the second practice link (after MORE PRACTICE) does not work for me with any of these? Were you able to crack that?

@comedyclub333 Жыл бұрын

@@amoldhamale3202 Sorry, I did not try the second practice site, but I don't think this is a test site like the first one. I genuinely think this is a legit login page and you have to log in to "play".

@amoldhamale3202 Жыл бұрын

@@comedyclub333 Yeah lol I probably thought so too later. But chuck should mention that clearly otherwise people might try to hack a legit server, difficult as it may😅

@erglaligzda2265 Жыл бұрын

In query input looks like this? SELECT * FROM users WHERE username='' OR 1=1 --' AND password='gfdgfopdigdf'

@comedyclub333 Жыл бұрын

@@erglaligzda2265 Exactly

@midimusicforever Жыл бұрын

This shouldn't work but, sometimes it does. CHECK YOUR DAMN INPUTS, DEVS!

@SuperHXD 8 ай бұрын

Thanks for teaching about this Chuck btw your demo target site was vulnarable on purpose and was easily accesed with the SQL query of admin'-- and any password Thanks for teaching this!

@ayael Жыл бұрын

I really like, love your courses ❤️

@CookieMaster Жыл бұрын

Very cool!

@gUm_bY745 Жыл бұрын

How can you view that syntax error info like in the example where there is an extra quotation?

@paradox1516 Жыл бұрын

Most of the time the server would print some data, redirect you, or give you a straight up error message.

@azurola 9 ай бұрын

this was pretty awesome to do, i never knew things like this were so simple

@Zeo_Kana Жыл бұрын

glad the website is still available. I managed to get in. we actively make sure we're not suseptable to sql injection. its easy to avoid so theres no real reason to get hacked in this way.

@PineAppleLogic Жыл бұрын

Lol I didn't even get to SQL inject on the target, my first guess of the username and password was right 🤣

@brandonv9039 Жыл бұрын

ikr lol IYKYK

@vadiraj8023 Жыл бұрын

Hi i am little confusion if there is no id number in url how can perform sql injection on url

@KatoFFR Жыл бұрын

yeah just did it to have fun cause i already know pentesting and networking but the video you make just put a smile on my face you made me laugh and its good thanks for your content ! :D

@InfinityBS 13 күн бұрын

I love how it is so easy to hack yet so easy to fix.. all the website can do is limit those extra characters such as quotes in the username input section

@Nixukee Жыл бұрын

Nice video im big fan of you

@stevelucky7579 Жыл бұрын

Great video as always. Do you know of any websites or ways I can practice phishing attacks legally? I like the idea of being able to maneuver through my opponent’s head to get them to do something, and if I can troll them by getting a Rick roll to pop up I think it’d be funny 😆 Edit: autocorrect

@joshuaoakley7542 Жыл бұрын

Phishing is only illegal if your intentions are illegal. But the nature of websites is that there would never be a website you could practice phishing on, because the members would know what they signed up for so they would suspect it. If you really want to do it just gather a list of emails and send an email to them

@AubreywanPicobi Жыл бұрын

I'm an old dog getting back into this stuff. Love your videos & may have to buy some coffee from you. OH - have to try this on other DBs.

@kmishy Жыл бұрын

I learned it 7 years ago but today I learned the concept behind this

@stylem8132 Жыл бұрын

Thanks for the great content Chuck! I have a question: Since the sql statement contains username="admin" OR "1"="1" AND password="whatever", why does the AND operator use the password and the username instead of the password and "1"="1" even thought "1"="1" is right next to the password?

@SakshamSinghania Жыл бұрын

See it this way, username="admin" OR "1"="1" AND password="whatever" We can write this as, TRUE OR TRUE AND FALSE TRUE OR FALSE (AND is getting solved with the boolean at it's right and left) TRUE This means even if you'll write '1' = '2' instead of '1' = '1' The SQL Injection works fine

@stylem8132 Жыл бұрын

@@SakshamSinghania Oooh I get it now. So the OR is just used to "eat up" the AND, since the "admin" username is TRUE anyway. Thank you!

@Shaggidelic69 Жыл бұрын

@@SakshamSinghania what do you do if you don't know the sites username???

@EthosAtheos Жыл бұрын

@@Shaggidelic69 set the user name to this: ' or user is not null or '1'='1 its the same but results in select * from users where username= '' or user is not null or '1'='1' and password = {whatever password} The and statement " '1'='1' and password = {whatever password}" will evaluate false , username = '' will evaluate false , but "user is not null" will return all users who are not null, that is basically all the users if the system makes any sense. The code is then so sloppy it uses the admin account. Probably because it is the first account, but I didn't keep digging. My goal was to get in without knowing the username once I did that I stopped looking. I did try "username is not null" but got this error: "Column 'USERNAME' is either not in any table in the FROM list or appears within a join specification and is outside the scope of the join specification or appears in a HAVING clause and is not in the GROUP BY list. If this is a CREATE or ALTER TABLE statement then 'USERNAME' is not a column in the target table." I guessed that it was user and not username based on that error and naming conventions. hope this helps.

@cyberangelcore Жыл бұрын

@@stylem8132 I dont understand, the AND has to be both true to get access right? I dont get it how the OR eat that up

@ferdinandw.8952 Жыл бұрын

Cool video

@wizzseen3150 9 ай бұрын

This is the video that motivated me to study sql

@el.jihad. Жыл бұрын

love yo videos man, they be teaching me alot

@notshrood9065 Жыл бұрын

Or just use sqli injector tool to test sites with dorks. Yeah it may not be targeted to a specific site but it’s possible

@idkcoder Жыл бұрын

You forgot to inform that this only works on website that use sql as a database and a site that is not secure from sql request (which most websites do )

@fokyewtoob8835 Жыл бұрын

That’s pretty obvious. This is just to teach people what a SQL injection actually is and how it works

@clashhub_ 3 ай бұрын

Love u from India you are the best teacher who nit only keep going on with programming but little jokes too....Thank you so much for your amazing content... ❤

@KUSINEROGT 7 ай бұрын

Mind blowing 🥳🥳🥳 what ever basic logic you put in email like Admin' ' OR '200-100'='100 Etc..

@RaulBaezPortorreal Жыл бұрын

Let’s grab coffe and see the video!

@WestcolColombia_ Жыл бұрын

Yes sr, that's correct

@philipbutler Жыл бұрын

5:40 I’m not a huge SQL wizard but wouldn’t it check 1 = 1 AND password = password first? then the OR would only be true if you guessed the username right

@fokyewtoob8835 Жыл бұрын

Not if you ignore the password request syntax and 1=1 the username. It’s not this simple in the real world but it’s still fun lol

@tabularasa0606 Жыл бұрын

Correct AND has a priority of 6 while OR has a priority of 7. So AND will be evaluated before OR. Therefore both injections fall flat when the username is wrong. But it's rare when it's not admin or any variation of that.

@dippolos Жыл бұрын

Yes, I don't understand this... 5:32 says the AND operator is used by the admin verification and the passw verification? It's impossible. This hack seems possible only if you guess the user or the passw

@EthosAtheos Жыл бұрын

@@dippolos Yes, But this will get you in not knowing either U or P.... Username: ' or user is not null or '1'='1 password: {any string}

@dippolos Жыл бұрын

@@EthosAtheos What's the precedence of the logic operators?