Part 12 - Exploiting SQLI


Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
00:03
>> Welcome to Cybrary. I'm Raymond Evans, and I will be your subject matter expert for Cybrary's web app penetration testing course. In this video, we will be discussing exploiting SQL injection.

What will we cover? We're going to talk about exploiting SQL injection manually, and then we're going to talk about exploiting it with tools. The two tools we're going to use are SQLMap and SQLSus.

How do we exploit it manually? Well, one way we can do it is by using the select from statement, which can be used in SQLMap to refine our searches in our text even more, or we can use the classic 1 equals 1 statement, which we had used to detect it. Well, we can also use that in certain areas to dump a database. Then we can use the union select statement to try and figure out how many columns and try and figure out some table information. Let's go check them out.

>> Here we are in our SQL injection lab. We see this webpage here that provides some user information. This is assuming that we are looking at the username root, and we want to figure out some more user information. Well, what you can do here is go into the name section. [NOISE] We type single quote or single quote one, single quote equals single quote one. That goes to the database, and it tells the database it is a true statement, and the database says, that statement is true. Here's all the information. It gives us this lovely table of information back here.

We're on the page, and we want to try to figure out how the database is set up a little bit. Well, we can do a negative one. You get to select statement, and if we take negative one, you select one, we get an error message back here, telling us that the used select statements have a different number of columns. We say, well, let's see if we can get two columns in here. Well, still nothing. Let's try three, nothing there. Let's try four and behold. The page throws us some results back. You can see that that database has four columns.

Now, you can do further identification of information on the column. You can attempt to try to get information that's in that column displayed to the page. This column accepts numeric information. But you can also do things such as type in fields that you may suspect this field may have. You can keep going through there and typing in different fields to try to get further information back from the columns.

There's a very time-intensive technique of hand jamming everything. But you're not going to get detected as easily with this type of technique. If you wanted to do something like that rather than throwing a tool at it, it's just going to be slower, but it's not going to be seen as easily as the tool as well. Speaking of tools, let's go move on to them.