Bypassing addslashes() using format string to get SQL Injection | Baby-sql @ HackTheBox

preview_player
Показать описание
Baby sql is a Medium difficulty Web challenge from @HackTheBox . In this video we are going to exploit a format string vulnerability in order to bypass the PHP addslashes() function and obtain SQL Injection against the target.

=== Timestamp ===
00:00 Intro
00:44 Source code analysis
01:36 Creating a local copy of the script to debug
02:02 Hosting with PHP the debug page and testing that it works
02:23 Testing the behaviour of the program
02:45 Documenting about the addslashes() PHP function
03:23 Documenting about the vsprintf() PHP function
03:44 Format string 101
04:08 Discovering a format string vulnerability
04:28 Finding a way to bypass addslashes() and evade the query
04:55 Searching a suitable SQL Injection attack
05:31 Failing dumping tables because error-based subquery returns more then 1 row
05:27 Dumping tables, rows and the final flag
06:45 Outro

If you enjoyed the video leave a like and subscribe to my channel!
---
Would you like to support my work? Offer me a virtual coffee :)

Check out my socials:
  1. 0xbro
  2. 0xbro
  3. maoutis
  4. hacking for beginners
  5. pentesting for beginners
  6. hackthebox walkthrough
Рекомендации по теме
Bypassing addslashes() using 0:07:13

Bypassing addslashes() using format string to get SQL Injection | Baby-sql @ HackTheBox

Testing SQLi (Inject 0:09:06

Testing SQLi (Inject & Bypass)

sqli-labs series part 0:24:16

sqli-labs series part 23 (bypassing addslashes - charset Mismatch)

[Tutorial] Bypass Addslashes 0:13:13

[Tutorial] Bypass Addslashes Sử dụng kí tự đặc biệt [SQLi]

PHP String Function: 0:00:59

PHP String Function: addslashes( )

Bypass authentication application 0:03:08

Bypass authentication application with SQL INJECTION

Zeichenketten - MASKIERUNG 0:09:30

Zeichenketten - MASKIERUNG addslashes, stripslashes, quodemeta [PHP Doku - Funktionsreferenz]

SQL Injection Based 0:01:15

SQL Injection Based Login Bypass Tutorial (by Shravani Bhoir)

EnigmaGroup Basic 21 0:00:50

EnigmaGroup Basic 21 SQL Injection Challenges

SQL Injection | 0:13:46

SQL Injection | Bypass Authenticaion | Realistic Mission 2 | Starbucks SQL Injection

Bypass Sql Injection 0:04:06

Bypass Sql Injection

HackTheBox - OPHIUCHI 0:21:21

HackTheBox - OPHIUCHI (Privilege Escalation) | Walkthrough [ITA]

SQL : Examples 0:01:30

SQL : Examples of SQL Injections through addslashes()?

String Function in 0:08:53

String Function in PHP - addslashes | PHP String Function | Knowledge Thrusters

MySQL : Php 0:01:21

MySQL : Php addslashes sql injection still valid?

15. SQL Injection 0:11:11

15. SQL Injection | Authentication Bypass (Part -4)

Bypass IDS/IPS sfruttando 0:10:10

Bypass IDS/IPS sfruttando PHP query string parser

How to prevent 0:06:47

How to prevent SQL Injection in PHP in English

2 SQL injections 0:11:35

2 SQL injections and prevention in php

SQL injection Int 0:07:19

SQL injection Int Required Filter Bypass

3. [LIVE] SQL 0:50:37

3. [LIVE] SQL Injection - GET, POST, Blind, Bypass Auth

How To Use 0:02:25

How To Use Addslashes Function In Php In Tamil

How to escape 0:00:11

How to escape single quote in a single-quoted string #bash

Otodidak PHP - 0:01:09

Otodidak PHP - 5b - Manipulasi String - addslashes

join shbcf.ru