Part 13 - Exploiting SQLI

Video Activity

This lesson focuses on using sqlmap in Kali or Kali 2 to check a database, run a scan and discover vulnerabilities.

Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5

Video Transcription
00:04
So this is the meat and potatoes of this video section here. So we're gonna be using sqlmap
00:09
running Kali or Kali 2. sqlmap's already pre-built in, so you're not gonna have to use the python sqlmap.py. You're just gonna type sqlmap
00:18
and enter the command.
00:21
So we have
00:23
the command calling sqlmap -u, and it's asking for the URL.
00:28
We say --dbs. So it's telling you to check the database.
00:33
So let's go. Run that right quick.
00:43
Right here. We are in our environment, so we're gonna type
00:47
sqlmap
00:49
-u
00:51
http://
00:56
192
00:57
dot 168
00:59
did I
01:00
0.12
01:07
--dbs
01:11
run that.
01:17
And there's an error Nessie
01:19
for these. You can't just type in the address like this. You need an address field which has an ID field. So let's look at our
01:30
page here.
01:49
Let's take
01:52
this address and
01:53
it's through Ah, sir, sqlmap against that and see what we get.
02:12
And let's run that and see what we get back.
02:21
And this page itself is not vulnerable to a sqlmap attack.
02:27
its final with an ID field
02:35
name
02:38
in the
02:40
All right,
02:42
there's an ID equals two.
02:45
Just copy that.
02:47
Let's go back to our command. Here
02:53
was attempt a
02:58
based on racial from that one,
03:05
and we're gonna tell it yes, to
03:08
check for the others.
03:12
I'm gonna include all of the MySQL
03:15
and it tells us, Hey, these vulnerable. But do we want to keep testing the others? If any.
03:21
Yes, I'll say yes. Let's see what we get. All right.
03:24
Now that tells us here
03:27
that we have available databases,
03:30
exercises and information schema. Let's go back to our slide
03:34
and explain our next step.