SQL Injection - Lab #14 Blind SQL injection with time delays and information retrieval

In this video, we cover Lab #14 in the SQL injection track of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we exploit the time-based SQL injection vulnerability and output the password of the administrator user.

▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:55 - Understand the exercise and make notes about what is required to solve it
03:41 - Exploit the lab manually
21:04 - Script the exploit
35:22 - Summary
35:38 - Thank You

Comments

Thanks a lot for the walkthrough, the entire series has been a blast! I admire you: working until 2:30 am in the morning is just for experts! Amazing, seriously.

HerbertEduardoFernandezTamayo

Thanks a lot, professor.
I have one question:
when do we use the substr function and when do we use the substring function?
In the latest labs, somewhere we used substring, like this example:
' and (select substring(password, 1, 1) from users where
and somewhere we used substr, like this example:
' || (select CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM users where username='administrator' and substr(password, 1, 1)='a') || '

abbassadeghi

Amazing work and tutorial series. Keep up the good work Rana.

Just a quick point, for efficiency - at intrusion part - we could just check if length of password is = to the payload (in this case numbers 1~25) instead of > . This way only the exact length (20) will take 10sec. ...LENGTH(password)=§1§...

arenzovich

I tried over and over again, and downloaded this Python script and used it, changed the TrackingId and session and URL to match my fresh session, and was not able to get this to work. The Python script runs, but never retrieves a result. It just continues to cycle through the ASCII characters. I'm on Python 3.11.6 on OSX 14 Sonoma.

NetDevsRyan

Thanks for all these tutorials, and scripting them.

petergentile

Hello Rana, great stuff. Learnt a lot about SQLi. I would like to see more videos on how to go about writing Python scripts. Thanks.

abemendez

Thank you soooo much, you are a great and honest teacher. Regards

jawahiral-jabarty

If a website has no tracking, does it mean that the website is not vulnerable to blind SQLi?

hilalkhan

Thank you for the lesson. I have a question: is it possible to find the table name by time delays, and how to do it?

hoangnguyenthai

Any reason to use such a long sleep timer instead of using 2-3 seconds?

fammilogga

I don't know why, but the Python code doesn't work!!!

TheMsterDoctor

Great Python code. This one gave false positives. I had to rerun the script several times since I was getting non-alphanumeric characters.

NassimDhaher

Is there a way to get the trackingid and session cookies using the script itself rather than having to add it manually? I tried using the r.cookies.get_dict() method but the cookies don't match with the ones opened in the lab probably because I'm sending another request to get the cookies.

vandanbhuva