SQL Injection - Lab #5 SQL injection UNION attack, retrieving data from other tables

In this video, we cover Lab #5 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION based SQL injection attack that retrieves the usernames and passwords of the users of the application.

Comments

I noticed that women explain more clearly than men. Thanks so much, Rana.

mohmino

You are Amazing Rana! You explain everything in Fine detail so anyone can understand! :) We need more women in Security! :)

peasantlettuce

Finally found a few ways to handle two or more parameters.

cybersec-radar

Thank you, Rana Khalil. Best tutorials, good luck.

samarjan

That's awesome. No sane person would ever put a string password in a database though

ibrahimhussain

I've set up a MySQL environment and executed the query "select userid, username from user where username='admin' union select 1, 2-- '". In the "union select" part, the value 2 is of type int, but the second field in the preceding select statement is of type varchar. Surprisingly, instead of encountering an error, the query was executed successfully. Why did this happen?

周敏之

for: 'UNION select username, password from users --
Did you guess the column name or does the column name not matter?

aem

How did we know that there is a table called users?

vasumudiraj

I'm not sure if anyone can help me understand, but when I used burpsuite, using 'UNION+SELECT+username, +password+FROM+users-- returned a 404. When I saw this video, I noticed that Rana just copied that into the url. Why does it return a 404 on burpsuite but loads correctly if placed in url?

Edit: Nvm. I'm not sure what happened, but I'm doing the lab again and it does not display 404. Although if there is something that can commonly cause an error, like a misspelling, please let me know so I can understand and watch more closely next time.

toumorokoshi

In reality every password is encrypted with some key stored in a config folder, which means that whenever we use a password from this query, the login attempt will fail, because normally the login system uses decrypted() to validate the password match. Let's say we can grab the credential password, but I think there is still a missing link to perfectly complete our penetration testing until the credential is cracked. And finally, the biggest issue for this technique is how to find the proper encryption method and its key.
Can anyone give me some advice on this issue?

al-rayyanmicrogarden