How To Discover & Exploit Blind SQL Injections
- Published: 28 Sep 2024
- In this lecture you will learn how to discover and exploit blind SQL injections.
This video is taken from my full course on website hacking. Check out the following links for more info and to get a discount on them.
My hacking courses - zsecurity.org/...
Website - zsecurity.org/
Facebook - / zsecurity-145325078145...
Twitter - / _zsecurity_
Instagram - / zsecurity_org
Linkedin - / zaid-al-quraishi-5444a...
---------------------
⚠️ This video is made for educational purposes only, we only test devices and systems that we own or have permission to test, you should not test the security of devices that you do not own or do not have permission to test. ⚠️
I think a better web app for practicing blind SQL injection is bWAPP, not DVWA.
This is actually a half blind and half union-based SQL injection example.
In blind SQL injection you can't see output from the database at all.
And thanks Zaid, I started learning web app pentesting from your course.
Thanks, really helped understanding the concept.
I don't get it. Why not just SQL inject first anyway to see if it works or not. What did the blind injection prove?
This kind of technique is used when you don't have an explicit response from the server to determine if your query was correct or not, or even interpreted. At that point you need to ask the server true and false questions in order to steal data. One method to determine if the app is vulnerable is to check the response when you ask true and false statements, i.e. when TRUE you will receive one kind of response (a normal page, let's say), when FALSE you will receive a different response (e.g. a page with an error). If that happens you can determine that the app is vuln for injection, since you are getting a response for your crafted TRUE and FALSE questions (query). So it proves that... if the app is vuln or not, then you can proceed with your injection methods.
018: You did mention a previous example, but this is the only SQL Injection video in your channel. If I missed it, could you share the link please? Thanks
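An added example, not part of the video or of any comment here: a defender's regression check for the true/false response difference described in the reply above, run against a concatenating handler and a parameterized one. SQLite, the `users` table and all function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the application's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "admin"), (2, "guest")])
    return db

def page_vulnerable(db, user_id):
    # Concatenates the raw parameter into the SQL text. No database output
    # or error detail reaches the caller, only which page was rendered.
    try:
        row = db.execute("SELECT name FROM users WHERE id = " + user_id).fetchone()
    except sqlite3.Error:
        return "error page"
    return "normal page" if row else "empty page"

def page_hardened(db, user_id):
    # Rejects non-integer input, then binds the value as a parameter so it
    # can never be parsed as part of the SQL statement.
    try:
        uid = int(user_id)
    except ValueError:
        return "empty page"
    row = db.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchone()
    return "normal page" if row else "empty page"

def differs_on_true_false(page, db, base="1"):
    # Regression check: append an always-true and an always-false condition
    # to a valid id and report whether the rendered page changes.
    return page(db, base + " AND 1=1") != page(db, base + " AND 1=2")

if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler differs:", differs_on_true_false(page_vulnerable, db))
    print("hardened handler differs:", differs_on_true_false(page_hardened, db))
```

A handler for which the check reports a difference is evaluating the appended condition as SQL; the parameterized handler renders the same page for both inputs.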
Please make a video on installing metasploitable and adding it to virtual box.
Just download the .ova file, double-click it and click import, that is it man.
Is the %23 you put on the link the -- symbol?
And if yes, how did you find it?
%23 is the URL-encoded value of #.
It means %23 = #.
As we are writing in the URL we cannot directly write the "#", therefore we have to use %23 as the URL-encoded value.
Hope this helps :)
This is not blind SQL.
I also thought that, but it is; it's called boolean-based, but it would be more practical if he used another attack like time-based.