Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Transcription

00:04
Welcome to Cybrary. I'm Raymond Evans, and I will be your subject matter expert for Cybrary's Web Application Penetration Testing course.
00:10
In this video we will be discussing exploiting SQL injection. So what will be covered? We're gonna talk about exploiting SQL injection manually, and then we're gonna talk about exploiting with tools. The two tools we're gonna use are sqlmap and sqlsus. So how do we exploit it manually? Well, one
00:26
way we can do it is by using the SELECT FROM statement,
00:30
which can be used in sqlmap to refine our searches in our attacks even more.
00:36
Or we can use the classic one equals one statement, which we had used to detect it. Well, we can also use that in certain areas to dump a database, and then we can use the UNION SELECT
00:50
statement to try to figure out how many columns and try to figure out some table information. So let's go check them out.
01:22
All right, here we are in our SQL injection lab.
01:25
We see this Web page here that provides some user information. So
01:30
assuming that we're looking at the username root
01:34
and we want to figure out some more user information.
01:40
Well, what you can do here,
01:42
Let's go into the name section.
01:47
We type
01:49
single quote or single quote one single quote equals single quote one,
01:57
that goes to the database.
01:59
And it tells us, and tells the database, it is a true statement, and the database says the statement is true.
02:07
Here's all the information and gives us this lovely
02:09
table of information back here.
03:15
Say we're on a page, and we want to try to figure out how the database is set up a little bit.
03:21
Well, we can do a negative one
03:24
union select statement,
03:28
and
03:30
if we type negative one union select one,
03:32
we get an error message back here telling us that the used SELECT statements have a different number of columns. So, so let's
03:42
specify two columns in here. Huh, still nothing.
03:46
Try three.
03:47
Nothing there.
03:50
Try four,
03:51
and lo and behold,
03:53
the page throws us some results back
03:55
so we could see that that database has four columns. Now you can
04:00
do further identification of information on the column.
04:04
You can attempt to try to get information that's in that column
04:10
displayed to the page.
04:14
So this column accepts
04:16
numeric information.
04:19
But you can also
04:23
do things such as
04:26
type in
04:28
fields that you may suspect
04:32
have, uh,
04:34
that you may suspect
04:36
this field may have,
04:40
so you can keep going through there and typing in
04:44
different
04:45
fields. To try to get further information back
04:49
from the columns
04:51
It's a very
04:54
time-intensive technique of hand-jamming everything.
04:59
But you're not gonna get
05:00
detected as easily with this type of technique. So if you want to do something like that rather than throwing a tool at it,
05:09
it's gonna be slower. But
05:11
it's not gonna be seen as easily as the tools. Well,
05:15
speaking of tools, let's go move on to them.

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Raymond Evans
Instructor