Interactive SQL Injection

Comments

The reason it always expects you to use id='0' or just '' is because you have to remove the original query's output to make your added result the first row. In a real-world situation, only the first row is returned as the article content on the web page. Subsequent rows are ignored. So they made that form look like a browser window.

watermelonpiebread

It’s a common misconception that you will get the first record when adding LIMIT 1 to a SELECT statement. You will get 1 record, but unless you specify the ORDER BY, it’s up to the database to provide you with any record.

robbertvriens

Just being very blunt and honest here. US $80 for a single module is quite an ask.

CoastalCult

As another poster pointed out, you kept getting answers occasionally wrong because you would return article data in those attempts in the first row. The faux web page was only showing the first row, so you were not showing any secret data at all. To remove the article data being returned you need to set id to a non-match, such as 0 or empty string, anything but 1 in this case.

DavidRomigJr

quite a steep price, when compared to THM

mprokop

You have a typo on the instructions of part 7 - "in descening order", missing the "d" in "descending"

beck

I have tried to do so many courses but I haven't completed them. Let's see from the start.

ASI_SOLUTION

Don't know about the guys mentioned, but I would personally find it funny if, randomly after multiple years of career, an expert would tweet that they just finished the beginners course.

ai-spacedestructor

At 2:03 the leaderboard icon is the same as the logo of gemairo

kikkerpoesGD

I just started watching your videos a couple of weeks ago and it's really making me want to learn how to code or program, but I feel dumb XD but want to learn

bakurathewerewolf

24:24, any Missouri government work..

notavoicechanger

Hey @John Hammond, I remember there was a CTF-making competition where we could submit our challenges and they would be reviewed and awarded later. I created one challenge and submitted it but never heard back. I'm curious what happened?

Nckdgr

I missed this kind of content. Keep it up Hammond, this is refreshing to watch 🎉

AyaanAhmado

Do OWASP and ASVS help as std? Or is there any better way?

fsbgaming

I got 2 questions:
How much does it cost to make it from start to finish?
Does it teach from total noob to certified expert?

Rho--Security

Will prepared statements protect from this?

ChristophHellmann
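
The first-row behaviour described in the comments above, together with the prepared-statement question, as an added example that is not from the video or from any commenter. The table names, column names, sample rows and the unquoted numeric `id` are assumptions, and SQLite stands in for whatever database the course uses.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and values are assumptions for illustration.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT);
        CREATE TABLE secrets  (id INTEGER PRIMARY KEY, value TEXT);
        INSERT INTO articles VALUES (1, 'Welcome article');
        INSERT INTO secrets  VALUES (1, 'constructed-secret');
    """)
    return db

def page_vulnerable(db, article_id):
    # String concatenation: the input is parsed as part of the SQL statement.
    sql = "SELECT body FROM articles WHERE id = " + article_id
    row = db.execute(sql).fetchone()  # like the faux page, render only the first row
    return row[0] if row else None

def page_prepared(db, article_id):
    # Bound parameter: the input is only ever a value compared against id.
    sql = "SELECT body FROM articles WHERE id = ?"
    row = db.execute(sql, (article_id,)).fetchone()
    return row[0] if row else None

# Constructed input tail. SQL gives no ordering guarantee without ORDER BY;
# SQLite emits the left side of UNION ALL first, which is what this relies on.
UNION_TAIL = " UNION ALL SELECT value FROM secrets"

def demo():
    db = make_db()
    return {
        # id matches an article, so the article row hides the appended row
        "vulnerable_id_1": page_vulnerable(db, "1" + UNION_TAIL),
        # id matches nothing, so the appended row becomes the first row
        "vulnerable_id_0": page_vulnerable(db, "0" + UNION_TAIL),
        # same input bound as a parameter: no article has that id, nothing leaks
        "prepared_id_0": page_prepared(db, "0" + UNION_TAIL),
        "prepared_normal": page_prepared(db, "1"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```
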

If anyone is learning SQL from this please note that from a developer perspective, at least with MySQL, LIMIT 1 OFFSET 1 is the proper way to perform pagination since it's far more expressive than LIMIT 1, 1

cinderwolf

Please take us through the last test in another video please

danielmuthama

Ohh John Hammond, I never thought you didn't know the password is first encrypted and then saved to the database

sad_man_no_talent

2:08 in that video shot I thought it was a man with a loud print shirt sitting in front of a table. Then I later realised there is a laptop right there. 😂 The print on the laptop almost makes it camouflaged... that would be funny to make laptop skins that match the t-shirts you are wearing and coordinate your outfit with your laptop.

iblackfeathers