Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Description

This lesson offers participants a demo of SQL Injection using a vulnerable web application called Mutillidae, which is very useful for practising the discovery of vulnerabilities. In this lesson, the instructor demonstrates the 1=1 attack: closing the username string literal with a single quote, appending `or 1=1` so the WHERE clause is always true, and commenting out the rest of the statement.
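The following is an added example, not code from the course or from Mutillidae. It replays the two attempts described in the demo against a constructed in-memory SQLite table standing in for Mutillidae's MySQL `accounts` table (the table layout, the usernames and the passwords here are made up for the example), and puts the concatenated lookup beside a parameterised one so the difference is visible. Note one assumption about comment syntax: SQLite accepts `--` with or without a trailing space, whereas MySQL requires the space after `--`, which is the extra whitespace the instructor refers to.

```python
import sqlite3

# Constructed sample data standing in for Mutillidae's accounts table.
# The usernames and passwords here are made up for this example.
SAMPLE_ACCOUNTS = [
    ("admin", "adminpass"),
    ("sunny", "s3cret"),
    ("jeremy", "hunter2"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed accounts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ACCOUNTS)
    return conn


def build_vulnerable_query(username, password):
    """Build the statement the way a vulnerable lookup page does:
    user input is pasted straight into the SQL text."""
    return ("SELECT username FROM accounts WHERE username='" + username +
            "' AND password='" + password + "'")


def lookup_vulnerable(conn, username, password):
    """Run the concatenated query. Raises sqlite3.Error on a malformed statement,
    which is the situation where the demo's error message shows the back-end query."""
    query = build_vulnerable_query(username, password)
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, username, password):
    """Parameterised form: the driver binds the values, so a tick in the input
    is just a character inside the username, never part of the SQL grammar."""
    query = "SELECT username FROM accounts WHERE username=? AND password=?"
    return [row[0] for row in conn.execute(query, (username, password))]


def run_demo():
    """Replay the two attempts from the demo plus the parameterised control."""
    conn = make_db()
    out = {}

    # Legitimate use: exactly one row for the valid account.
    out["valid"] = lookup_vulnerable(conn, "sunny", "s3cret")

    # First attempt:  sunny' or 1=1
    # The tick closes the username literal, but the original closing quote and
    # the "AND password=''" clause are still there, so the statement is malformed.
    out["first_query"] = build_vulnerable_query("sunny' or 1=1", "")
    try:
        lookup_vulnerable(conn, "sunny' or 1=1", "")
        out["first_attempt"] = "no error"
    except sqlite3.Error as exc:
        out["first_attempt"] = "error: %s" % exc

    # Second attempt:  sunny' or 1=1 --
    # The comment marker swallows the rest of the statement; 1=1 is always true,
    # so every account comes back. MySQL needs the space after "--"; SQLite
    # accepts "--" either way (assumption noted in the lead-in).
    out["second_query"] = build_vulnerable_query("sunny' or 1=1 -- ", "")
    out["second_attempt"] = lookup_vulnerable(conn, "sunny' or 1=1 -- ", "")

    # Same payload against the parameterised query: no such username, no rows.
    out["safe"] = lookup_safe(conn, "sunny' or 1=1 -- ", "")
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=>", value)
```

Running the block prints the two generated statements next to their outcomes: the first one fails with a tokeniser error because of the dangling quote, the second returns every row of the table, and the parameterised lookup returns nothing because the payload is treated as an ordinary (non-existent) username.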

Video Transcription

00:04
Hello and welcome to the Secure Coding course. My name is Sunny Wear, and this is the OWASP Top 10 for 2013 A1 Injection demo on SQL injection.
00:20
This is the demo for A1 Injection, SQL injection.
00:25
We're actually looking at a vulnerable web application that is developed by Jeremy Druin and Adrian Crenshaw, and it's called Mutillidae.
00:38
Basically, it's a very good tool for learning various types of vulnerabilities, and it has distinct security levels, so you can test your skills.
00:49
Now for this particular demo, I'm going to demonstrate the one equals one
00:55
attack. So first, I'm gonna go ahead and log in as myself.
01:06
And then I'm going to go to the OWASP 2013 A1 Injection, the user lookup information.
01:15
Now I'm going to purposefully have an error message come up, only because Jeremy does a very nice job of showing what the SQL statement actually looks like on the back end
01:29
inside of the error message. So let me go ahead and do that. Now,
01:34
what I'm going to do is attempt a SQL injection. Now I know that my name is valid because I'm actually logged in as myself.
01:42
if I were to end that first statement with the tick
01:46
and then attempt
01:48
the one equals one attack I would start with or
01:53
one equals one.
01:57
Now, this is going to fail because MySQL requires some additional spaces.
02:04
But I want for you to see
02:07
what the statement actually looks like.
02:09
So if we take a look here, we can actually see the query that was sent back.
02:15
It says select star from accounts where username is equal to Sunny. Okay, so that was
02:23
this portion is, of course, the legitimate or valid account. And I ended that with a tick.
02:32
Then I made a statement of tautology stating that one equals one, which we know is always true,
02:42
and then that ended in a tick. Now, the reason why
02:46
this particular query fails is because I did not comment out the password portion of this statement.
02:55
Okay, not a problem. Let's go ahead and try it again,
03:00
Sunny, tick, space, or
03:05
one equals one
03:07
space, dash, dash, space.
03:13
And now my one equals one attack actually works, and you can see the results have come back.

Up Next

Secure Coding

In the Secure Coding training course, Sunny Wear will show you how secure coding is important when it comes to lowering risk and vulnerabilities. Learn about XSS, Direct Object Reference, Data Exposure, Buffer Overflows, & Resource Management.

Instructed By

Sunny Wear
Instructor