SQL Injection - Lab #7 SQL injection attack, querying the database type and version on Oracle

In this video, we cover Lab #7 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION-based SQL injection attack that queries the database type and version on Oracle.
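A defender-side companion to the lab described above, added here and not part of the video or of the Web Security Academy: a small Python log review that URL-decodes the category parameter of requests to a filter endpoint, flags the UNION SELECT, ORDER BY and v$version patterns that appear on this page, and separately counts the server errors that column-count probing leaves behind. The log lines, the /filter path and the client addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (combined format) for a product-filter endpoint
# like the lab's; hosts, timestamps and sizes are made up for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /filter?category=Gifts HTTP/1.1" 200 5120
10.0.0.9 - - [12/Mar/2024:10:01:05 +0000] "GET /filter?category=Gifts' HTTP/1.1" 500 312
10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "GET /filter?category=Gifts'+ORDER+BY+3-- HTTP/1.1" 500 312
10.0.0.9 - - [12/Mar/2024:10:01:14 +0000] "GET /filter?category=Gifts'+UNION+SELECT+NULL,NULL+FROM+dual-- HTTP/1.1" 200 4870
10.0.0.9 - - [12/Mar/2024:10:01:20 +0000] "GET /filter?category=Gifts'+UNION+SELECT+banner,NULL+FROM+v%24version-- HTTP/1.1" 200 5010
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Patterns checked against each URL-decoded query value. A lone single quote is not
# flagged (legitimate names contain them); its server errors are counted separately.
INDICATORS = {
    "union_select": re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
    "order_by_probe": re.compile(r"\bORDER\s+BY\s+\d+", re.I),
    "oracle_version_view": re.compile(r"\bv\$version\b", re.I),
    "comment_terminator": re.compile(r"--|/\*"),
}

def analyze(log_text: str) -> list:
    """One finding per request whose decoded query values match an indicator."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qs decodes '+' to space and %XX escapes, so '+UNION+SELECT' and
        # 'v%24version' normalise to the same form the regexes expect.
        for name, values in parse_qs(urlsplit(m["target"]).query).items():
            for value in values:
                hits = sorted(k for k, rx in INDICATORS.items() if rx.search(value))
                if hits:
                    findings.append({"ip": m["ip"], "param": name, "value": value,
                                     "status": int(m["status"]), "indicators": hits})
    return findings

def error_probe_counts(log_text: str, path: str = "/filter", threshold: int = 2) -> dict:
    """Clients with >= threshold 5xx responses on path: the trace column-count probing leaves."""
    counts = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["status"].startswith("5") and urlsplit(m["target"]).path == path:
            counts[m["ip"]] = counts.get(m["ip"], 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Requests that return 200 with an indicator hit are the ones worth reviewing first, since a successful UNION payload does not leave an error behind.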

Comments

Dear Rana, I wanted to take a moment to express my deepest gratitude for the incredible knowledge you've shared. Your teachings have been truly invaluable, and I can't thank you enough for the positive impact they've had on my learning journey. Please keep inspiring and empowering others with your expertise!

IkromIsmoiljonov

Oh my God... You make operations like these look very simple. I have been hovering over this concept in my OSCP lab for the last 5 hours.

SudoSrijan

Respect from Italy. Thanks a lot for your job. I'm learning so much from you. Perfect teacher! Really <3

erroregrammaticale

In the same lab, I don't find any internal server error while checking the number of columns. Can you tell me the error?

abhimanyuchoubey

Why did we use NULL in one column, even though we know both columns contain text?

abhimanyuchoubey

How did you know that it is vulnerable to SQLi by just putting a single quote?

radchad

' UNION SELECT banner, NULL FROM v$version--

Why is the upper query working and the lower one not?

' UNION SELECT NULL, banner FROM v$version--

Both columns have type string, but still this query is not working....

mananjindal

Hi, in my case it's showing 'Internal Server Error' when I put this code: ' UNION SELECT banner, NULL form v$version--

abdulx

Hi there.

Great video. I tried your method and it worked. But I also tried a different method to find the number of columns in a table. It did not work, so I just wanted to ask you.

What I did was:
- In the repeater, i used '+UNION+SELECT+NULL, NULL-- instead of the ORDER BY method you used.
- It kept showing me internal server error.

I remember reading that the number of NULLs used should correspond to the number of columns in the table. Moreover, the NULL method is apparently a better option because, as PortSwigger says, "NULL is convertible to every common data type, so it maximizes the chance that the payload will succeed when the column count is correct."

Will it be possible for you to explain what is happening here?

ultimate

Ma'am, please make more videos on SQL injection (PortSwigger).

kurkureAK

Is it ok to use: Gifts'+union+SELECT+banner, NULL+FROM+dual, v$version--

default_deb

While I am intercepting and adding an ORDER BY clause in the Repeater tab, it always gives me a 400 response code. What am I doing wrong?

nidhisingh

I have a question: how do I know the type of database?

zzzzzzzzZzZZzzzaZzz

There's no channel in Arabic? What's wrong with Arabic, Rana 😂

adep.