Live Hacking: SQL Injection For Beginners (Part 1)

Some useful resources on SQL Injection:

DISCLAIMER: The demonstration shown in this video is performed in a controlled lab setup. This video is for educational purposes only. You can only perform penetration testing in your own lab environment and doing it on any live application is not allowed and it is a crime unless you are a professional and have appropriate permissions.

In this video, I demonstrated Error-based SQL Injection practically on an intentionally vulnerable application called Juice Shop.
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
In this video, we exploit the SQLI vulnerability on Juice Shop.

You can run Juice Shop on your computer by simply using Docker (check out the above link to read the instructions on how to do so).

Originally, this video was supposed to contain both Error-based SQLI and Blind SQLI, but since the video is getting very long, I had to split it into two parts. This is part 1, which has the Error-based SQLI demo; part 2 will have the Blind SQLI demo.

I uploaded part 2 to Odysee (LBRY based app) to support the cause of decentralizing the web. Decentralization means no censorship and content freedom!
Unlike platforms like YouTube (which are biased and controlled by a central authority), decentralized applications are not controlled by any single authority, no one has excessive powers or privileges over these applications, and most importantly they are also open-source so no data theft!
This is why I believe the decentralized web is the future!

Chapters:
0:00 Disclaimer & What are we going to learn in this video?
1:31 About our sponsors - Snyk
5:06 What is SQL?
5:57 What is SQL Injection?
7:06 SQL Injection on Juice Shop
7:37 Install Juice Shop on your PC with Docker
10:22 Exploiting SQL Injection in the Login feature
18:20 Exploiting SQL Injection in the Search feature
34:39 Using SQL Map to automate SQL Injection
39:35 Error based SQLI vs Blind SQLI
40:31 Using Snyk to find and fix SQL Injection bugs
50:31 End of Part 1


Comments

the quality of his video- 101%
YouTube messing with his channel - 2000%
result - max 10k viewers :/

falconfire

Raj, I can't thank you enough for this beautiful and instructive content on SQL injection. I have learned a ton of new things. We need content like this, especially for bug bounty hunting. Thanks bro!!👍🏽🙏🏽

bertrandfossung

I didn't know that SQL can be used for this; I thought it was useless while learning it in my class😊
But now😍

isha

_Raj_ *Make some great courses please*

HeyAsif

We want more of these type of videos !
You are doing a great job

SinisteR

Good one
I would not see any Indian Course
But today I am Proud of You
Thank You Anna

Abhinav-Bhat

Most ignored thing in the world : This video's *DISCLAIMER* 😂😂

GauravRai

I was just suffering a lot learning SQL injection
Thanks a lot 🥺🥺❤️❤️😺

animeloverpakbj

Dude thanks a lot man ur vids are really informational

kurdmajid

First time I found a very useful sponsor.

debashissatpathy

Loved it, need more lessons like this thankyou ❤️🔥

akshatdasondhi

Bro this is elite 😮 🎉❤ love from Maharashtra

viresh

There are many videos on SQL and I have learned but not the complete and it's interesting to learn from your favorite YouTuber

bruhhh-__-

This channel covers a lot of content that is hard to find accurate information on these days… reminds me of the Wild West internet before everything got nerfed 🤓

SadTown

After giving a watch, I downloaded the video. Not sure if youtube removes this one too!

khokon_m

Great tutorial bro, i hope u'll be making more of these cool content . 👏🏻

rastgo

Underrated channel... the incredible way of exploitation explanation, hats off dude. Keep growing bro.

vinayakpatil

My friend's Facebook ID got hacked, how do we get that ID

jemilapinto

Brother, how do you hack one phone from another phone

yasirazam

Sir please make a video about phoneinfoga

pratheekshetty.m