SQL Injection with filter bypass via XML encoding | PortSwigger

preview_player
Показать описание
En este video, realizo paso a paso el laboratorio "SQL Injection with filter bypass via XML encoding" de PortSwigger. Aprenderás a identificar una vulnerabilidad de inyección SQL en un parámetro XML, evadir un firewall de aplicaciones web (WAF) utilizando entidades XML y finalmente obtener las credenciales del usuario administrador.

1. Identificación de la vulnerabilidad:

· Comprobamos que el parámetro "storeId" evalúa las entradas, permitiendo inyecciones SQL.

· Uso de operadores básicos y consultas para detectar el comportamiento.

2. Evasión del WAF:

·Implementamos Hackvertor en Burp Suite para codificar la carga útil en entidades decimales XML.

·Verificamos que la consulta inyectada pasa los filtros del WAF.

3. Explotación de la vulnerabilidad:

· Realizamos un ataque UNION SELECT para concatenar valores específicos.
· Utilizamos el operador de concatenación ||'~'|| para devolver datos como NULL || '~' || username || '~' || password.
  1. Isk4sec
Рекомендации по теме
SQL Injection - 0:07:02

SQL Injection - Lab #17 SQL injection with filter bypass via XML encoding | Short Version

SQL injection with 0:20:06

SQL injection with Filter Bypass via XML Encoding

SQL Injection with 0:05:36

SQL Injection with Filter Bypass

[Web Security Academy] 0:01:49

[Web Security Academy] SQL injection with filter bypass via XML encoding

SQL Injection with 0:00:18

SQL Injection with Filter Bypass #hackingcode

Bypass SQL Filters 0:00:23

Bypass SQL Filters & Get SQL Injection With These Quick Tips

SQL Injection 17 0:10:04

SQL Injection 17 | SQL injection with filter bypass via XML encoding

SQL Injection - 0:08:42

SQL Injection - Lab #17 SQL injection with filter bypass via XML encoding | Long Version

SQL injection with 0:04:52

SQL injection with filter bypass via XML encoding walkthrough (PortSwigger)

SQL injection with 0:07:47

SQL injection with filter bypass via XML encoding

bypass sql injection 0:07:13

bypass sql injection filter

Filter Bypass Sql 0:10:51

Filter Bypass Sql Injection By AkDk

Lab: SQL injection 0:02:46

Lab: SQL injection with filter bypass via XML encoding

Lab 17: SQL 0:05:21

Lab 17: SQL injection with filter bypass via XML encoding

SQL injection with 0:03:58

SQL injection with filter bypass via XML encoding | Portswigger Academy

Filter Bypass Sql 0:10:51

Filter Bypass Sql Injection By AkDk

SQL injection filter 0:05:01

SQL injection filter bypass ctf

SQL Injection with 0:02:29

SQL Injection with filter bypass via XML encoding | PortSwigger

SQL injection with 0:04:10

SQL injection with filter bypass via XML encoding by PentestSuite

Hacking SQL Injection 0:05:38

Hacking SQL Injection Through ByPassing WAF | SQL injection with filter bypass via XML encoding

Bypassing SQL Filters 0:14:06

Bypassing SQL Filters (picoCTF Web Gauntlet)

SQL Injection filter 0:04:23

SQL Injection filter bypass via on XML encoding |

Brackets Bypass Sql 0:17:23

Brackets Bypass Sql Injection

SQL Injection with 0:05:39

SQL Injection with Filter Bypass via XML Encoding | Web Security Academy

join shbcf.ru