Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

This brief lesson offers a brief introduction into discovering sequel injections. 1. Why it is important? 2. Types of discovery? a. Manual discovery b. Automated discovery 3. VEGA 4. SQLMAP 5. NMAP 6. ZAP 7. ARACHNI

Video Transcription

00:04
Welcome to cyber ery. I'm Raymond Evans, and I will be your subject matter expert for cyber areas. What about penetration? Testing? Course
00:11
This video. We will be discussing discovering sequel injections. What will be covered? We're gonna talk about why it's important. The different types of discovery methods and some discovery tools such as Vegas sequel map and map and zap
00:25
and ah recognize. Why is this important? Well, if left untested, a website could have vulnerabilities there. Ticking time bombs,
00:34
as I said before and my previous sequel, Injection Video,
00:39
that if it's left on Detective
00:42
on Attacker can harvest information for years and years and years. A sequel attack could allow an attacker to gain usernames, passwords and other sensitive details about users. What these details and attacker could elevate their privileges and set themselves up to do further harm. And if left undetected on, attacker could pilfer data for extended periods of time
01:02
where the different types of discovery
01:03
well, we can use manual discovery.
01:07
So if a website contains a page with the girl that looks like this example dot com page dot PHP, i d equals one. The easiest way to test for sequel injection is by doing the following, so
01:18
you put a signal quote one
01:21
or
01:22
you do a one with single quit. Get an error such as the one below
01:26
verifies that there's a vulnerability. So the
01:30
care of, Ah, my sequel Fetch Array supplied argument is not. Balan lets you know that there is some sort of vulnerability there. You can also test the form fields with one of the statements below, or
01:42
you can actually use one of these statements in that you are well above as well.
01:49
And if you get your tired database dumped back, you know that there's a major vulnerability right there. These are examples down below of different
02:00
forms of secret injections,
02:04
because not all of the sequel databases take information the same exact way or handle the information and the commands the same way.
02:15
So some of these require some additional characters at the end in order for the database to recognize them correctly
02:23
because of the way that the database actually takes the normal sequel commands that are properly
02:30
used and
02:31
pads them

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Instructor Profile Image
Raymond Evans
Instructor