Part 3 SQL Injection Demo

Video Activity

This lesson offers participants a demo of SQL injection using a vulnerable web application called Mutillidae, which is very useful for discovering vulnerabilities. In this lesson, the instructor demonstrates the 1 = 1 attack.


MicroCourse
Time: 9 hours 31 minutes
Difficulty: Beginner
CEU/CPE: 3

Video Transcription
00:04
Hello and welcome to the secure coding course. My name miss anywhere. And this is the OWASP Top 10 for 2013 A1 Injection demo on SQL injection.
00:20
This is the demo for A1 Injection, SQL injection.
00:25
We're actually looking at a vulnerable web application that is developed by Jeremy Druin and Adrian Crenshaw, and it's called Mutillidae.
00:38
Basically, it's a very good tool for learning various types of vulnerabilities, and it has distinct security levels, so you can test your skills.
00:49
Now for this particular demo, I'm going to demonstrate the one equals one
00:55
attack. So first, I'm gonna go ahead and log in as myself.
01:06
And then I'm going to go to the OWASP 2013 A1 Injection, the user lookup information page.
01:15
Now I'm going to purposefully have an error message come up, only because Jeremy does a very nice job of showing what the SQL statement actually looks like on the back end
01:29
inside of the error message. So let me go ahead and do that. Now,
01:34
what I'm going to do is attempt a SQL injection. Now I know that my name is valid because I'm actually logged in as myself.
01:42
If I were to end that first statement with the tick
01:46
and then attempt
01:48
the one equals one attack, I would start with "or"
01:53
one equals one.
01:57
Now, this is going to fail because MySQL will require some additional spaces.
02:04
But I want for you to see
02:07
what the statement actually looks like.
02:09
So if we take a look here, we can actually see the query that was sent back.
02:15
It says select star from accounts where username is equal to Sonny. Okay, so that was
02:23
this portion is, of course, the legitimate or valid account. And I ended that with a tick.
02:32
Then I made a statement of totality stating that one equals one which we know is always true
02:42
and then that ended in a tick. Now, the reason why
02:46
this particular query fails is because I did not comment out the password portion of this statement.
02:55
Okay, not a problem. Let's go ahead and try it again,
03:00
Sonny, tick, space, "or",
03:05
one equals one
03:07
space dash, dash space.
03:13
And now my one equals one attack actually works, and you can see the results have come back.
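The query the demo recovers from the error message, built by string concatenation beside its parameterized fix, as an added example that is not part of the course or of Mutillidae. It uses Python's sqlite3 with a constructed two-row accounts table; the table layout and the password values are assumptions.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the demo's accounts table (not Mutillidae's real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("Sonny", "s3cret"), ("admin", "adminpass")])
    return conn


def lookup_concat(conn, username, password):
    """Vulnerable: the query text is assembled from user input, the pattern the
    demo's error message exposes. Returns (sql, rows), or (sql, None) on a SQL error."""
    sql = ("SELECT * FROM accounts WHERE username='" + username
           + "' AND password='" + password + "'")
    try:
        return sql, conn.execute(sql).fetchall()
    except sqlite3.Error:
        return sql, None


def lookup_param(conn, username, password):
    """Fixed: placeholders send the values separately from the statement, so a
    quote or "OR 1=1" in the input is compared as data and never parsed as SQL."""
    sql = "SELECT * FROM accounts WHERE username=? AND password=?"
    return sql, conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # First attempt from the demo: the trailing tick leaves the password clause
    # dangling, so the statement is malformed and the query fails (rows is None).
    print(lookup_concat(db, "Sonny' OR 1=1'", "wrong"))
    # Second attempt: "-- " comments out the password check and OR 1=1 is always
    # true, so every account comes back. MySQL requires the space after "--";
    # SQLite does not, but the same input works against both.
    print(lookup_concat(db, "Sonny' OR 1=1 -- ", "wrong"))
    # The same input against the parameterized query matches no account.
    print(lookup_param(db, "Sonny' OR 1=1 -- ", "wrong"))
```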