CTF Guide / Python Prjoect - Automating SQL Injection

Поделиться
HTML-код
  • Опубликовано: 30 сен 2024
  • SQL Injection list:
    github.com/pay...
    BWAPP guide, yes docker really would be the best way to run it:
    infosecwriteup...
    Github link:
    github.com/gan...
    #sql #sqlinjection #python #kali #pentesting #pythonautomation

Комментарии • 6

  • @sussteve226
    @sussteve226 12 часов назад +2

    Any ways to protect my site from this?

    • @gand0rfTRZ
      @gand0rfTRZ  12 часов назад +1

      Input validation and an IDS like Suricata would go a long way to help.

    • @sussteve226
      @sussteve226 12 часов назад

      @@gand0rfTRZ what is ids?

    • @gand0rfTRZ
      @gand0rfTRZ  12 часов назад

      Intrusuon Detection System. I use suricata on my web site. I had a big problem with spray and pray ssh login attempts. After setting it up and adding a rule to drop ssh connects, and adding a ufw rule to only allow ssh logins from the ip address of a mchine I control. The ssh brute forcing has been stopped and isnt taking up resources on my server or clogging up my SIEM logs.

  • @heathbruce9928
    @heathbruce9928 День назад

    Does this attack work with Microsoft sites? The normal Ms query has brackets which would cause the query to fail.

    • @gand0rfTRZ
      @gand0rfTRZ  День назад +1

      It all depends on the database used on the backend. Thats why it is normally a good habit to have several txt files with different payloads.
      Scripts like this can also be tweeked for different cases. Or you can make several scripts. One for sql, nosql, or what ever you come across. The key is learning the differences and building a tools that can work with the different types.

Следующие
Автовоспроизведение
SQL IN clauses are miles faster in Postgres 1722:22SQL IN clauses are miles faster in Postgres 17
SQL IN clauses are miles faster in Postgres 17Hussein Nasser
Просмотров 9 тыс.
SQLite Blind SQL Injection - HackTheBox Cyber Apocalypse CTF35:25SQLite Blind SQL Injection - HackTheBox Cyber Apocalypse CTF
SQLite Blind SQL Injection - HackTheBox Cyber Apocalypse CTFJohn Hammond
Просмотров 71 тыс.
The Race to Harness Quantum Computing's Mind-Bending Power | The Future With Hannah Fry24:02The Race to Harness Quantum Computing's Mind-Bending Power | The Future With Hannah Fry
The Race to Harness Quantum Computing's Mind-Bending Power | The Future With Hannah FryBloomberg Originals
Просмотров 562 тыс.
New Beginnings33:03New Beginnings
New BeginningsEamon & Bec
Просмотров 400 тыс.
Sam Darnold & Vikings MOVE TO 4-0 | Nate Burleson and Matt Ryan break down their success | NFL Today05:13Sam Darnold & Vikings MOVE TO 4-0 | Nate Burleson and Matt Ryan break down their success | NFL Today
Sam Darnold & Vikings MOVE TO 4-0 | Nate Burleson and Matt Ryan break down their success | NFL TodayNFL on CBS
Просмотров 99 тыс.
Florida insurance carriers used altered hurricane damage reports, whistleblowers say13:26Florida insurance carriers used altered hurricane damage reports, whistleblowers say
Florida insurance carriers used altered hurricane damage reports, whistleblowers say60 Minutes
Просмотров 590 тыс.
Spurs cruise to Old Trafford victory / Man United 0-3 Tottenham Hotspur // PREMIER LEAGUE HIGHLIGHTS02:02Spurs cruise to Old Trafford victory / Man United 0-3 Tottenham Hotspur // PREMIER LEAGUE HIGHLIGHTS
Spurs cruise to Old Trafford victory / Man United 0-3 Tottenham Hotspur // PREMIER LEAGUE HIGHLIGHTSTottenham Hotspur
Просмотров 1,9 млн
CTF Guide - Nmap15:57CTF Guide - Nmap
CTF Guide - NmapGand0rf
Просмотров 280
CTF Guide - Putting recon step together11:57CTF Guide - Putting recon step together
CTF Guide - Putting recon step togetherGand0rf
Просмотров 60
THM - mKingdom Walkthrough24:44THM - mKingdom Walkthrough
THM - mKingdom WalkthroughGand0rf
Просмотров 887
python 3.13 release highlights49:56python 3.13 release highlights
python 3.13 release highlightsanthonywritescode
Просмотров 17 тыс.
Writing My Own Database From Scratch42:00Writing My Own Database From Scratch
Writing My Own Database From ScratchTony Saro
Просмотров 229 тыс.
Mining Magnetite16:20Mining Magnetite
Mining MagnetiteCody'sLab
Просмотров 307 тыс.
John Oliver Is Still Working Through the Rage37:32John Oliver Is Still Working Through the Rage
John Oliver Is Still Working Through the RageNew York Times Podcasts
Просмотров 1 млн
Should the better player ALWAYS win?29:09Should the better player ALWAYS win?
Should the better player ALWAYS win?Eddventure
Просмотров 43 тыс.
SQL Injection Attack Tutorial - I didn't know you can do that12:59SQL Injection Attack Tutorial - I didn't know you can do that
SQL Injection Attack Tutorial - I didn't know you can do thatLoi Liang Yang
Просмотров 36 тыс.
Мега-Кидок на 1.000.000.000р, сотни пострадавших! Из Казахстана с любовью!34:12Мега—Кидок на 1.000.000.000р, сотни пострадавших! Из Казахстана с любовью!
Мега-Кидок на 1.000.000.000р, сотни пострадавших! Из Казахстана с любовью!Максим Шелков
Просмотров 330 тыс.
ТАРАКАН00:38ТАРАКАН
ТАРАКАНstunning max
Просмотров 1,2 млн
Бабушка Квадробер из клипа Газана00:20Бабушка Квадробер из клипа Газана
Бабушка Квадробер из клипа ГазанаGazan
Просмотров 612 тыс.
FATAL CHASE 😳 😳00:19FATAL CHASE 😳 😳
FATAL CHASE 😳 😳Sergey322
Просмотров 1,5 млн
From Small To Really Giant Pop Corn #katebrush #funny #shorts00:17From Small To Really Giant Pop Corn #katebrush #funny #shorts
From Small To Really Giant Pop Corn #katebrush #funny #shortsKate Brush
Просмотров 8 млн
КАК БОМЖУ ЗАРАБОТАТЬ НА ТАЧКУ1:36:32КАК БОМЖУ ЗАРАБОТАТЬ НА ТАЧКУ
КАК БОМЖУ ЗАРАБОТАТЬ НА ТАЧКУЖекич Дубровский
Просмотров 1,8 млн
Арабы. Народ без империи @posle_zavtra33:14Арабы. Народ без империи @posle_zavtra
Арабы. Народ без империи @posle_zavtraПослезавтра
Просмотров 962 тыс.
Озеро Морской Глаз ПРЕВРАТИЛИ В СВАЛКУ / Вики Шоу26:23Озеро Морской Глаз ПРЕВРАТИЛИ В СВАЛКУ / Вики Шоу
Озеро Морской Глаз ПРЕВРАТИЛИ В СВАЛКУ / Вики ШоуViki Show
Просмотров 704 тыс.