SQL Injection - Lab #11 Blind SQL injection with conditional responses

I can't tell you how helpful your videos have been.
While doing the labs side by side I do it once with you, then again on my own, and it's been night and day in proficient results.

I hope I'm lucky enough where you did all the labs in practitioner, so I can follow along and so happy I found your channel.
Thanks for your hard work and educational videos.

- grateful, newb.

mih

Great video. Instead of buying the professional edition, I used a Burpsuite extension called turbo intruder. I created my attack list of numbers from 1 to 100 and gave it to the payload. The attack was completed in 3-4 seconds. Maybe it's even faster than the professional edition itself. XD

saketmahar

The length of the video seemed discouraging at first, but after watching it till the end, I was able to solve the lab despite using the Burp Suite community edition. Thank you very much—this video made my day!

adinduchigozie

this content is free, yet invaluable. i wish i was rich enough to donate $5m to Rana, i wonder what benevolent act for the infosec community she'd cook up next

anonymous

Absolutely brilliant vid you explain it so well SQL is something i struggle with well not anymore thanks to you
Much appreciated

scottp

You have done a great job... shortly you will have a lot of followers. Amazing format and approach.

MrShreeAB

I have been really enjoying your challenge walk throughs. Really clear and well presented. Thankyou

tobywilkins-ui

19:52
U can also use substring to determine the length of the password. By increasing the first number and testing if the substring equals nothing (empty).
'AND..Substring (....20, 1) = [nothing)

IF IT equals nothing it means we exceeded the length

codermomo

Great video. I could understand Blind SQLi from this video because the explanation was very clear. THX!

jycx

guys dont worry it only takes exactly 2 hours and 4 minutes with the community edition . i was too dumb to debug the python script issues i had so...

LiptonDemonBlade

This was the best one yet! Thanks Rana! One thing to note is how this process could be improved by using greater than or less than operators instead of just equal to.

cwinhall

Like the way you teach you explain as you go which is good for beginners

arunrawat

These videos are amazing, Rana. Thank you!

jmeskay

Very nice video, seriously this helped me a lot. Thank-you Rana Khalil..

purvashgangolli

Thank you for being very thorough, and descriptive

DuulHomes

Thank you @Rana Khali, great explanation!

La_Muerte_Soy

I seems that your voice is need to more clear and slow. Finally it's very helpful.

RakibHassanAkash

Really nice and well explained. Also like your clear voice 👍🏻

ashishmohanty

Hi Rana, i follow your video and solve the lab using a python script with Binary Search. Thank you for you content!!!

hex_maquina

First of all great video, well explained MashAllah!

Somequestions!!!
1. what if users table exists with a different name like users_jkftb or users_yyytf?
2. What if administrator was named as admin or super user?
3. Does the vendor of the database matter? i think it does based upon if oracle or mysql our payloads would differ.
4. How can we construct an attach methodology that can work irrespective of database vendor and predefined names of tables or users? A real life approach.

Thanks
AHmed

ahmedsaleem