12 hours 9 minutes
everyone. Welcome back to the course. So in the last video, we started off our discussion on sequel injection attacks. So we went ahead and ran a couple of commands against our user name and password fields to see if we could log in as administrator.
And we were successful in those. Now, if you haven't done that video Yeah, go ahead. Paul is just want to go back to that video. So that way you can fellow along with the rest of the lab.
So now around step 17 here. So we're gonna go back to that lost 20 C 17 on the left side. We'll go back to the sequel, injection this sq ally extract data, and then we're gonna select user info this time.
So let's go and do that now. So I just clicked back over here so we can see everything.
So I lost 2017. Just cover your mouth over top there. Sequel injection.
If Moscow operates there we are. And then the SQL I extract data and then user info. Let's go ahead and click on That Might take a moment to sort of pull up. You'll see. We've got another user name and password field.
All right, so now we're at step 19 here. We're gonna enter in the just two years in a field, we'll leave the password, information blanks. But in their username field, we're gonna take that same command we have done just a moment ago. We're gonna type in admin, single single quotation, mark
semicolon and then the pound symbol. So let's go ahead and do that now.
So this type and admit all of her case
semi calling and then the pound symbol, and then either just hit and turn a keyboard or click the view account. Details option.
And I might take a moment, so that should give us back some results. Let's take a look at our question here.
Question number four. Do you see any password information after you run that command? So after we run this command, do we see any password information back
are so on my end. I do. I see that I've got admin passes, the administrator password. So I was successful with that attack, I was able to figure out the administrator password
are So the next thing we're gonna do here it step 20. We're just have a different command in the user name field. We're gonna see what kind of information we get back from this. So we'll take this one slow like we did before. We're just gonna type in initially admin and then the single quotation mark.
So here in the username boxes admin, single quotation mark,
we'll put a space,
and then we're gonna type or
and then we'll put another space.
Let's go and do that now
and then Finally, we're gonna put a one equals one semicolon, and then the pound symbols. Let's go and do that. Now we're gonna put one equals one,
the semi colon and the pound symbol.
So once you've entered that in there, just hit and turn a keyboard, we'll let that run.
All right? So question number five Now, do you see any other user credentials in the output? So besides the administrator account, do we see anybody else's log in information?
So let's take a look here and see
Well, I do a mind, right? I see information for Adriana. I see it for John Jeremy Brice. Well, this isn't good, right? This is not a good thing. Toe have. So we do see, as we've entered these different commands, we do see that this application is vulnerable to sequel injection attacks. But let's keep going with our lab.
All right? So now what we're gonna do is we're gonna block out here. So we're just gonna log out, and we're gonna go back to the original log in screen we were at. So if you remember, that was he s que alli and extract data and then user info. So that one we just went to a moment ago. So let's go ahead and log out. So we'll go back up to the top of the page. Just click on, log out.
Might take a moment. Assume there we are. And no, I'm just gonna navigate back. So I lost 2017 Sequel injection SQL. I extract data and then our user info
and I take a moment it's gonna take us back to the log in screen.
All right, So now what we're gonna do in the user name field is we're gonna take this long command here, so we'll take this one step by step like we've done before will slow it down. It will make sure we enter this properly. Double check yourself. Once we've entered a to make sure you've entered it correctly, and then we'll go ahead and run it. And question over six year is gonna be Is there anything different about the output on this one compared to
the other commands that we've run?
So let's go and start entering this in. So we're gonna type in admin and then single quotation mark a space and then union.
So here in the user name field, we're gonna type AB in single quotation mark space and then union.
We're gonna put another space. And now let's take the rest of our command Were type select space, the number one in a comma.
All right, so let's go ahead. Type that in So select
face the number one and comma. Put another space.
Now we're gonna type in your username, comma and then password.
So we're typing user name
comma space password. And then we'll also add a coma at the end of password will put another space. Now the Nazis entering some numbers here,
we're gonna type in 456 and seven.
So we'll put a four,
make sure you put a space we'll put a four comma space fire, comma space six comma space seven And then just put another space after the seven there.
And then finally, we're gonna write in type in from space accounts
semi colon and the pound symbol. So from space accounts, semi colon and pound.
we put a space in, we put accounts semi colon in the pound symbol.
All right, so then what I want to do is just double check yourself. So make sure you talked everything correctly. Didn't fat finger anything. If you've talked everything correctly and you double checked yourself now, you can either click, view, account details or distress or enter key on your keyboard. Now, that's gonna go ahead and run this for us.
It might take a moment, so to run.
All right. So if you remember question number six year, is there anything different about the output with this particular command? Well, let's scroll down a seat. Let's see if we find anything different at all.
All right, so I noticed something. What do you notice?
So what I notices. I noticed that all the signatures that we originally had we ran the previous command.
We had signatures for these particular users. However, now all the signatures are saying for right. So aside from our admit up top top here, all of our signatures are saying for
all right, cool.
So we know that, um,
the previous command was able to give us more output on this, but we still see that this entire application is vulnerable to sequel injection attack. So this is really kind of a high level overview in this particular portion of the lab, a CZ with most of laps in this course, we try to keep him pretty high level. So that way, anyone could get an introduction to these things.
But by all means, we're not stringing together a bunch of sequel
our along sequel query and running this against something, right? So it's really just a high level overview. So we were We were able to see that this particular Web application is vulnerable to sequel injection attacks, and we were able to see, like why that's an important thing, right? We're able to see that an attacker could get usernames and passwords.
So, for example, if your name's Adrian and you're out there and hopefully that's not not your password
But if that is your password for some reason, then understand that this is how an attacker can get your information and pretend they're you log into systems and cause chaos. And then, unfortunately, a lot of times that comes back to you unless someone can prove attribution to someone else. So just keep all that in mind. That's why we learn these things. That's why we focus on them. And that's why the WASP
Top 10 list is very important for organizations to understand.
All right, so in the next video, we're gonna jump into command injections and then a CZ I mentioned before after that will jump into HTML injection.