Part 6 - Discovering SQLI

Video Activity

This brief lesson offers an introduction to discovering SQL injections.

1. Why is it important?
2. Types of discovery
   a. Manual discovery
   b. Automated discovery
3. VEGA
4. SQLMAP
5. NMAP
6. ZAP
7. ARACHNI

Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5

Video Transcription
00:03
>> Welcome to Cybrary.
00:03
I'm Raymond Evans and I
00:03
will be your subject matter expert
00:03
for Cybrary's web app penetration testing course.
00:03
In this video we will be discussing
00:03
discovering SQL injections. What will be covered?
00:03
We're going to talk about why it's important,
00:03
the different types of discovery methods,
00:03
and some discovery tools such as Vega,
00:03
SQLmap, Nmap and Zap and Arachni.
00:03
Why is this important? Well, if left
00:03
untested a website could have
00:03
vulnerabilities that are ticking time bombs.
00:03
As I said before in my previous SQL injection video,
00:03
that if it's left undetected
00:03
an attacker can harvest
00:03
information for years and years and years.
00:03
A SQL attack could allow an attacker to gain usernames,
00:03
passwords, and other sensitive details about users.
00:03
With these details, an attacker could elevate
00:03
their privileges and set themselves
00:03
up to do further harm.
00:03
If left undetected, an attacker could
00:03
pilfer data for extended periods of time.
00:03
What are the different types of discovery?
00:03
Well, we can use manual discovery.
00:03
If a website contains a page with a URL that looks like
00:03
this, example.com/page.php?ID=1.
00:03
The easiest way to test for
00:03
SQL injection is by doing the following.
00:03
You put a single quote one,
00:03
or you do a one with a single quote.
00:03
If you get an error such as the one below,
00:03
it verifies that there's a vulnerability.
00:03
The error of the MySQL fetch array, "supplied argument is
00:03
not valid", lets you know that
00:03
there is some vulnerability there.
00:03
You can also test the form
00:03
fields with one of the statements below
00:03
or you can actually use one of these statements
00:03
in that URL above as well.
00:03
If you get the entire database dumped back, you know
00:03
that there's a major vulnerability right there.
00:03
These are examples down below
00:03
of different forms of SQL injections.
00:03
Because not all of the SQL databases take
00:03
information the same exact way or
00:03
handle the information and the commands the same way.
00:03
Some of these require
00:03
some additional characters at
00:03
the end in order for the database to
00:03
recognize them correctly because of
00:03
the way that the database actually takes
00:03
the normal SQL commands that are
00:03
properly used and pads them.