Live Hacking: SQL Injection For Beginners (Part 1)
- Published: 9 Jul 2024
- Sign up for Snyk for free: snyk.co/techraj
Some useful resources on SQL Injection:
snyk.io/blog/sql-injection-ch...
snyk.io/learn/sql-injection/
snyk.io/blog/sql-injection-or...
DISCLAIMER: The demonstration shown in this video is performed in a controlled lab setup. This video is for educational purposes only. You can only perform penetration testing in your own lab environment and doing it on any live application is not allowed and it is a crime unless you are a professional and have appropriate permissions.
In this video, I demonstrated Error-based SQL Injection practically on an intentionally vulnerable application called Juice Shop.
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
In this video, we exploit the SQLI vulnerability on Juice Shop
Juice Shop: github.com/bkimminich/juice-shop
You can run Juice Shop on your computer by simply using Docker (check out the above link to read the instructions on how to do so).
Originally, this video was supposed to contain both Error-based SQLI and Blind SQLI, but since the video is getting very long, I had to split it into two parts. This is Part 1, which has the Error-based SQLI demo; Part 2 will have the Blind SQLI demo.
I uploaded part 2 to Odysee (LBRY based app) to support the cause of decentralizing the web. Decentralization means no censorship and content freedom!
Unlike platforms like RUclips (which are biased and controlled by a central authority), decentralized applications are not controlled by any single authority, no one has excessive powers or privileges over these applications, and most importantly they are also open-source so no data theft!
This is why I believe the decentralized web is the future!
Learn more about LBRY (a content-sharing decentralized application): lbry.com/
Watch Part 2 on Odysee: odysee.com/@techraj156:4/sql-...
If you are new to Odysee, you can use my link to signup: odysee.com/$/invite/@techraj1...
Chapters:
0:00 Disclaimer & What are we going to learn in this video?
1:31 About our sponsors - Snyk
5:06 What is SQL?
5:57 What is SQL Injection?
7:06 SQL Injection on Juice Shop
7:37 Install Juice Shop on your PC with Docker
10:22 Exploiting SQL Injection in the Login feature
18:20 Exploiting SQL Injection in the Search feature
34:39 Using SQL Map to automate SQL Injection
39:35 Error based SQLI vs Blind SQLI
40:31 Using Snyk to find and fix SQL Injection bugs
50:31 End of Part 1
Thanks for watching!
SUBSCRIBE FOR MORE VIDEOS!
Join my Discord: / discord
Follow me on Instagram: / teja.techraj
Website: techraj156.com
Blog: blog.techraj156.com
Watch part 2 on Odysee (LBRY based decentralized content-sharing application): odysee.com/@techraj156:4/sql-injection-part2
Also, check out Snyk: snyk.co/techraj
Ok after 50 min
What is your qualifications
Would this work in case of a Ajax request where content type is just one string( application/x-www-form-urlencoded)
the quality of his video- 101%
RUclips messing with his channel - 2000%
result - max 10k viewers :/
True😢😢
YouTube saw your comment and gave the video a bit of a boost 😀
@@appyviral8753 lmao
Need more content like this.
@📌Pinnedby Tech Raj RUclips okay RUclips Bot
Raj I can't thank you enough for this beautiful and instructive content on SQL injection. I have learned a ton of new things. We need more content like this especially for bug bounty hunting. Thanks bro!!👍🏽🙏🏽
Need this types of videos from you
was waiting for a long time
@📌Pinnedby Tech Raj RUclips are you able to see who subscribed you?+ which browser do u love the most?
Expecting more content like this 🙏🙏🙏
We want more of these type of videos !
You are doing a great job
Loved it, need more lessons like this thankyou ❤️🔥
Dude thanks a lot man ur vids are really informational
WE NEED MORE!!
There are many videos on SQL and I have learned but not the complete and it's interesting to learn from your favorite RUclipsr
Very informative as always ❤
Good one
I would not see any Indian Course
But today I am Proud of You
Thank You Anna
Great content. Expecting more content like this.
GREAT VIDEO
THANK You FOR MAKING IT
Underrated channel... the incredible way of exploitation explanation, hats off dude. Keep growing bro.
We need more content like this more
Freaking luv u man, wonderful explanation
Liked and subbed!
Dude lot of thanks ❤️ good information
Thanks!
Nice buddy thank you
Awesome bro
WoW! I even downloaded this
NICE VIDEO BRO, liked it a lot
I didn't know that SQL can be used for this, I thought it was useless while learning it in my class😊
But now😍
🤣🤣🤣🤣
Most ignored thing in the world : This video's *DISCLAIMER* 😂😂
Great tutorial bro , i hope u'll be making more of these cool content . 👏🏻
@📌Pinnedby Tech Raj RUclips Scammer.
Bro keep it up!
_Raj_ *Make some great courses please*
very Informative 👍👍
thank u for the video
You are doing great work, please continue this series..
love this
This channel covers a lot of content that is hard to find accurate information on these days… reminds me of the Wild West internet before everything got nerfed 🤓
Want more content like this🔥
First time I found a very useful sponsor.
I was just suffering a lot learning SQL injection
Thanks a lot 🥺🥺❤️❤️😺
Wow bro you are great 👌
Bro this is elite 😮 🎉❤ love from Maharashtra
After giving a watch, I downloaded the video. Not sure if youtube removes this one too!
Love from you ♥️
Literally
I love your English
Which OS should a starter use, Windows or Linux
Great demonstration
Love you bro
Good content deer
need more
Good one
Good Explanation
Going to the second half
We can also use google cloud docker right?
Brave man
Make a video on blind SQL injection
My friends Facebook id got hacked how we get that id
Instead logging in as the first user in the database, what do I enter to use ORDER BY RANDOM so I login as a random user
We need more content related. To ethical hacking raj big fan of yours
Hi bro there an issue for me how can i contact u
10,300th view
Lots of love and support from Tripura (North-east)
thank you sir
i appreciate the time that you spent to make this video and to teach us these stuffs
i really respect you, hope you can teach us ethical hacking well but not on youtube cause , you know there're some rules in youtube that don't allow to share these things
Need more
Hello, Can you make video on something like Do's and Dont's for newbies who's have just started to learn? Likewise you said on well equipped environment and such stuffs like Is it safe using my personal emails on the Virtual Box or Dual booted linux distros where I practice injection, penetration tests and stuffs? And other common mistakes? Maybe hope I make some sense here. : )
Tq u
Man You are damn talented ❤️
@📌Pinnedby Tech Raj RUclips I Thought You are also from India
@@ankitshaw1388 ha ha its fake
Need more videos man...👍
Thanks bro 😁
🔥🔥🔥🔥🔥more more more
Part 2🔥🔥🔥🔥🔥 bring that soon too
lots of love from Russia
Bro, how do you hack one phone from another phone
Which is best for coding and hacking
Windows Or Chromebook.??
What if login have email validation ? Which query to use for sqli
Use it on password field
It says invalid email
man i like your mic, can you add the link in desc?
SNYK same like NMAP?
Mallus ❤️
Pls Upload 1 video per week
Upload more like this
Hi teja. Please make a video for a system that records attendance of students entered in meet,the time they remained. Please make
Sqlmap showing me false positive and unexploitable point detected even vulnerability is available what i do please tell me
Tutorial will start at 5:01
Great raj, expecting contents like this.! 👍
Who needs his hacking course??
yee
Legends be like: *What is SQL* 😅😂
Structured query language
@@Divaaakar yeah 😂
@Md golam Mostofa 🤣
It's like a database managing language
@Md golam Mostofa It's easier than programing.
Great Tutorial Teja ;) Have a good day ♥
Sir make a video where we can mining in android via command/running python cudo/nanopool code use via in android make a video this goona be good 🔥
based decentralized content-sharing
More videos please 🥺🥺🥺
Extremely waiting for u bro ❤️❤️❤️❤️❤️❤️❤️❤️❤️
Imagine getting pinned by *TECH RAJ*
Reality : Get Reply from Scammers 🤣🤣. Named pinned by Tech Raj
Your comment is pinned by Tech Raj
@@Lokendrakushwah12 no bro
@@Trikoo he is joking buddy 😂😂
@@avijitd22 ooooo😂😂😂😂😂😂😂😂😂😂
Please make a video on how to extract drm key 🔑 from drm url
👍👍👍
1 05 " so bhaiya "🤣🤣
Bro can u plzzz say ur pc specs plzz bro
Plzzz make more brooooo pzzzzzzz🙏🙏🙏🙏🙏🙏🙏🙏
Good video, didn't like the Snyk promo at the end.
Sir please make a video about phoneinfoga
Mining videos please
We have better way to do ! But i appreciate because you focus on basics
Broo i want resources for learning web security can you plzz help me pointing in right direction I'm confused totally what n where to study and practice plzzxx
Sir i wanna learn how to hack color prediction games I need ur help
Plz sir help...
Sir plz help