SQL Injection For Beginners
HTML-код
- Опубликовано: 26 сен 2024
- // Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
// Courses //
Full Ethical Hacking Course: www.udemy.com/...
Full Web Ethical Hacking Course: www.udemy.com/...
Full Mobile Hacking Course: www.udemy.com/...
// Books //
Kali Linux Hacking: amzn.to/3IUXaJv
Linux Basics for Hackers: amzn.to/3EzRPV6
The Ultimate Kali Linux Book: amzn.to/3m7cutD
// Social Links //
Website: www.loiliangya...
Facebook: / loiliangyang
Instagram: / loiliangyang
LinkedIn: / loiliangyang
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.
I have started work at Amazon Web Services. Will you be keen to see a day in the life of an AWS cybersecurity professional? :)
Yes 😀
Yes
Yeh. We are waityn
Yes and also process to reqch there
YES YESYESYES
I love this channel:
Straight to the point
No jokes
No advert
Nothing extra outside of just learning content
Great great great 👍🏽👍🏽
Would you help show the installation of the bricks web app. I have installed it and tried to run it but I receive an error saying there is an error in line 9 in the config.php file.
Thank you so much Loi! Your info is extremely valuable for beginners who are trying to make their websites slightly more secure.
this was useful like in the 20th century, but now everybody uses libraries to abstract over sql and those utitlize the protection mechanisms against this kind of injection. And even if you don't use libraries, then you can just use escape charaters (eg: &qt) for quoting and all will be fine
there is an answer for your complain under your comment, lmao. " Thank you so much Loi! Your info is extremely valuable for beginners who are trying to make their websites slightly more secure. " It is not about hacking the system, but for teaching beginners to understand what technologies are used to hack, so we beginners can prevent them.
the thing to bring out is some sites developed by devs that didn’t aware it. and you were the customer of that site who inputted the cred info 😂
@@altayyerassyl3213 I understand your response now that you commented it 18 hours ago. I agree with you that this information is extremely valuable for beginners, and I actually did the full PortSwigger Labs course on SQL injection myself. However, my comment was written more than a year ago, and back then the video was called “How to scan and PWN any website”. It was NOT called “SQL injection for beginners”. Therefore, I excepted this video to be much more advanced and cover advanced topics applicable to modern times. You can see a lot of comments very similar to mine in that regard. I guess that’s why the author eventually renamed the video from click-bait crap to something useful.
@@kostiaperegudaplop just used sql injection to hit moveit and the US defense lmao, now it doesn’t look dumb does it 😊
@@strang7739 in general such vulnerabilities are discover by tools, not by people, moreover, specific vulnerabilities like injection vulnerabilities are discovered mostly using white-box analysis, which operates on the source code. It is very rare that black box analysis alone can discover such specific vulnerabilities. Therefore, most of the vulnerabilities are published by the software manufacturers themselves, together with updates fixing those vulnerabilities. However, the hacker gangs try to perform what is known as a zero-day exploit. They target users of the software, who has not updated immediately, and thus hack them using publicly known vulnerability. This is exactly what clop has done. Clop used publicly available exploit to hack into organizations who have not updated the software. 90% of security breaches are actually exploiting already known vulnerabilities and publicly available exploits of the older versions of the software and are happening because users are not updating their software to the newest version. P.s. that’s why you must never disable automatic Windows updates on your PC:)
I actually think I love you. Every video you make basically saves me 1-2 months of life, I seriously can't thank you enough!!! Just yes
Sus
@@rcsxuth8594 idc
@@JohnRobertPotter u were like : omg..>! i think im in love with you!
@@rcsxuth8594 yep
@@JohnRobertPotter nope sus still if u say idc then u sussy baka and if u try to cheat the system u gay af fr
Thx for making my requested video!! Apreciate it!
A simple way to protect input fields is to convert them before they are part of a sql query. It could be as simple as base64(input string). This way the original query can not be injected. You could also modify base64 algo by shuffling the defined character string of the base64 algo.
Thats why we gotta hash passwords??
@@damegaye3051 No. You hash them because if the database is getting hacked, the hackers only got hashed pw instead of plaintext pws. You can crack them with the help of rainbowtables but it needs to be in there to do so.
Maybe I get you wrong but I think what you say isn't working.
Instead of base64 them (which means they would decrypted and executed aswell) you should use something like "mysql_real_escape_string" and for security reasons and cleancode aswell you shul typehint them. So, if you are working with GET and POSTS from whereever (even in Cookies, which can be manipulated easily) you should do something like $myGetter = (int) $_GET['myGetter'];
@@timmytainment i cracked a hash some time ago, and the password was 1233abcd.. lol
Use prepared statement, hash and salt the password.
I have started in this beautiful world of content on RUclips, I am new to this and here we go with issues of cybersecurity and ethical hacking
a lot of guy on youtube share video and some step are skipped and when im trying at ame time i need to start again ,your video , not 1 time i move video backwards good explication . nice job
I love this video. Got me excited about Pentesting again
Thank you so much for uploading this, i'm VERY interested in cybersecurity but as far as i know, none of the universities near me have it as a career option and i find your videos to be really informative and entertaining!
tryhackme and hack thebox u probally found it now
where do you live?
Thank you for making this. I am getting into backend webdev and this helped me audit my own code. Thanks!
I like how the video is entitled "Learn from a pro hacker now" this got me to watch this fr
i have no clue what to do with this but ill keep it in mind
@@callimero2731 There is no need for teamwork lol. SQL injections are plain and simple, either via the list of SQL queries or centralized injection systems that sprout these attacks. This is not movies lol, when hackers work with each other and say: "I'm in!", hahaa. It is usually one perpetrator. Nowadays, due to many services offering DDOS protection, it is more likely to get hit by MTM (man in the middle attacks) that abuses the communication between two users by altering the message or stealing ID_key from either valid communicators and then communicate with 1 of them instead. Though true, DDOS attacks are **sometimes** performed in groups due to sheer overload needed to crash a desired service. Usually, perpetrators turn to bot networks or service injections that use foreign/unauthorized access to vast amounts of computers. Then, they use them to send the payload to the certain service's address. However, due to the filtering systems used nowadays by packet management systems in our devices...it is hardly possible to do anything decent without proxies.
@@Guide4Ever Thank you, it was just my opinion
@@callimero2731 who tf is using sqli for ddos?
u can extract data from website that us vulnerable to this exploit.
You are great teacher. I am new to cyber security.
Have been seeing videos on RUclips and so far you are the best. How can I join your members only channel?
I’m quite excited about learning.
Next to the subscribe button, there is a join button. You have to pay for it
You are the only person who discusses hacking material on RUclips but RUclips doesn't block you, I like your style, you are my guide
@@retro4848 oh god, sure:)
this is fixed years ago. using escape characters or isolating the input. Basically, just proper programming practices will do the trick.
Devs are gods in earth
Yeah, now all modern languages have build-in escaping or ORMs. This vulnerability dead from ~2007.
@@AngelVlad100 super agree
@@AngelVlad100 haha lol ...sql injection is still no 3
@@PastEventsTV I know, but I didn't see any actual public website with such vulnerability for the last 10 years.
This is actually awesome to show sql injection tools but that was not an SQL injection principle tutorial
Thank you for the video btw, very helpful for me! :)
I like how you explain all in simple terms...
Sir, as you are an insane expert in this field we want to know what are the steps you followed to get up to this stage what are the things you followed and etc, please make video on this.
Thank you Mr.Yang. You helped me to graduate from university. THANK YOU! :)
Which command you use to go the word list at 05:02 sec
I want to thank you for inspiring me to take up Cyber Security. I just paid for your training on Udemy.
Don’t fool anyone, you’re going to become a hacker!
@@Hephasto no harm on that , how are we gonn improve our security if there is no one to hack it 😜😜
@@hamzajon8823 if there was no hackers there would be no need to secure anything, does it make sense?
@@Hephasto and so millions of jobs would be gone
This is useful information so important about 95% of vulnerability disclosure programs are all looking for this vulnerability
mostly of the ORMS in the market today treat this issue. But in my college times i have enjoyed this :)
always love your content loi
Great video
Please can u explan from where to start to be hacker?
I think he already made a video. But you could start with hackthebox or tryhackme if you want to look if its the right thing for you
This is crazy I'm glad I saw this red team security demonstration
Only works for old fashioned PHP-based applications for the most part. There's still quite of few of those out there don't get me wrong. But it is going to be very hard to find any website worth hacking that's still vulnerable to SQL injection.
Subscribed - learnt more in 5 mins than 5 years
Thank so much
I have searched alot for an excellent channel like this
And I want to ask you if you could expand a lot and deep hacking on the future videos
I don't want to use this for evil
All what I need is to practice and have a good job
Keep going
I wish you a happy life 💓💓
Compared to the mischief i used to get up to 20 years ago, can i just say this is absolutely WILD stuff. So, so very tempting....😬
Thanks so much Loi. This is awesome content.
You have got 1 new subscriber from me
Informative video, thank you, but naming it "How to scan and Pwn any website" may be a little misleading. Some people will think that "any" website using a database suffers from sqli, which is not the case
It should be titled "**some old websites".
exactly what I was thinking. 95-98% of websites I have seen do not display SQL back to the user on the bottom or in the browser console. there have been some exceptions, this is why it's not 100% but to cover just that case only in a video is a weak idea. so the examples are not realistic. for learning it's ok but for a realistic example, it's not even close to how the real world works 🤷♂️
@@stevema2 You can still encounter some real world applications that suffer from sqli. If the devs are lazy and do not use input validation or/and prepared statements, you may end with an sqli. You don't have to get an obvious sql syntax error to exploit it, some times ou may get a 500 internal error that may be indicative of an sqli. Still, devs are more aware of these issues these days, they use also frameworks that embeds already sqli protection routines. that's why saying "Any website" is misleading good sir Loi Liang Yang
@@tojogamer1733 totally with you. you and I are saying the same thing different ways, just that I haven't seen many web apps where I see a SQL statement being written back to the browser console or in an HTML div. That was my point. There are exceptions but it's not as common which is not "Any website" 😉
@@DirePantsDim there are some new websites who still suffer from sqli
Great insight and explanation on SQLI! This is great!
4:24 in as of commenting this. Thats super creative, just getting it to put syntax into its message. Legit classic movie style.
Wat do u mean. Hope u dont mean that, Thats a virus!!!
@@francesgisondi7216 Hope I don't mean what?
I mean, just escape your damn SQL. Take advantage of libraries such as PHP's pdo, nobody has got pwn'd like this since the early 2000's.
Exactly - this is like telling people to take advantage of an XP loophole when everyone isn't using XP. ANYONE making a website that doesn't use prepared statements, and input escaping basically shouldn't be doing it. Most people with little to no web skills will probably use an off the shelf CMS like Wordpress and that has all these entry points covered. They'd either do it themselves using that or go to an external design agency who will do it for them. There are so many off the shelf packages and "systems" (squarespace etc) now that having a modern website is so simple my 12 year old can do it. All those websites come out of the box with inbuilt protection against this sort of stuff so this video will only help you against a website that hasn't been updated in years, and is most likely not even relevant any more anyway.
Appreciate the content but you should be focusing on the nature of these exploits and what people should be doing to defeat them.
In addition - a lot of "quality" web hosting providers include auto blocking of attempts to run sql injection so repeated attempts will fail (often the first time). I know of one that increases the ban time by a factor of 2 each time it detects such an attack starting at 2 mins for the first attempt. 15 attempts in and you have to wait over 540 hours before the webserver will even speak to your machine to announce it's accepting your connection, let alone run any kind of input for you...
@@andyjackson3663 do you know some of the more effective attacks being used today like xss or something else ?
It's still plenty common in websites up today, even ones that are brand new.
Still part of the ethical hacker courses, so still relevant. Be thankful people take their time to produce such content instead of trying to be a clever shyte.
Thats why when you run sql injection you need multiple zombies or to run a script that randomizes ip or both so the servers firewall wont trip at the sheer amount of data coming from one computer
Great video, could you do a tutorial on John the ripper please?
Online manual is a good place to start
having problems with website, when I click login or really anything else it redirects me to the owaspbwa shit version of the website, any help?
Can you explain in depth how that payload actually fits in the sql query, by commenting other parts of the query? I am a beginner here, can understand some parts not full..
if i was using windows 7 without internet connection and just playing spyder solitaire what would that mean for hackers?
that is what a hacker would call an "air gapped pc" they use similar security measures for highly protected data 1 authorised specialist at a time only transferring data using usb etc only way into a system like that is maybe bribe the computer specialist that has access to insert a usb download the data onto it get it back and open it when you get back to your pc :)
congrats bro,you got 1m
can't believe why this channel has only 261k subscribers
Hello @Loi Liang, thanks for this tutorial.. but i would like to say, how effective is SQLi on react,and node js apps ?
Thank you sir, we need more classes!!
impressive truely a master programer Salute...😎
Nice bro, i have so much learnee from you!!!!
Thank you very. A very very important and informational video learned good things.
Love you bro ❤️❤️❤️
Ye chaca idhar bhi☹️☹️☹️☹️
how to setup the brick web application in kali linux? Does anyone have tutorials about it ?
Well entire video goes over my head.
This is why I prefer PDO over mysqli. PDO is so much harder to inject with.
Loi I have a question about reverse engineering in android,,,,,how possible is it guarantee to bypass apps functions?
I literally watch your videos to help secure a web based game I'm making. I have no experience and know people will find ways to cheat the game or take it offline. Ive been using your tricks to clean my code.
what programming languages did u use to make the game ? and are u self taught ? or went to school to learn? if so what online free resources did u use to learn all that. Thanks :)
@@slicker1260 Nobody have the same route towards being a good developer, I tell u what try youtube, coursera, udemy, udacity and just see what suits you, also learn and APPLY don't just learn.
@@ahmedbahaj8786 the learn and apply part is some of the best advice you couldve offered, i took a programming class back in the day, and after i was done with the class i didnt really do anything with the knowledge i gained, so i forgot a decent amount of what i was taught. had to go to another programming course to make sure i was job ready haha.
Cool, profesional, straight to the point. perfect.
ypu are my best mentor love your videos
you deserve subscribe
amazing sir.
from Indonesia
Hi, man, thanx for vid, could you explain where did you get sql select command, I mean where is it possible to see this command to DB from website?
You are really awesome lecturer.
Tysm for tutorial. Love you sir..😊💐💐
This was very helpful thANKH you.
Most stuff has a WAF that blocks sqlmap etc.. Even with the WAF param... Even small hosts
Love the way you explain things ..keep up the info
Acunetix + sqlmap
Thank you !! You made me curiuos
it worked, it worked. thank you so much.
Wow so glad I joined your channel
Hey man, can you make a playlist for all the videos that a noob can watch to learn, like literally someone who just decided to start and completely new to all these jargons, like literally teaching a newbie.
Study CSS, C+ and java
as a beginner everyone will tell you do this do that ! ... but man you have to figure it out by yourself whether you google or watch you tube videos
It's is easy to understand,very good
would this tutorial be a begginer for testing a solo project websites for any vulnerabilities of a said project?
look a function mysqli_ mysqli_real_escape_string etc this is secure functions
Thanks for your information and cooperation sir
Subbed but prepared statements should nullify these types of attacks.
Informative and scary at the same time.
@Jonathan Dahan The part of your statement "without needing to know what's going on behind the scenes" is the part I am concerned with. I will also add if everything is so secure why the need for PEN testing in the first place? I get the fact that majority of the vulnerability's are cause by the end user. You would think people who head up IT security would be more aware of the simple stuff.
@Jonathan Dahan It would be safe to say then that pen-testers will always be needed to some extend in the industry for the foreseeable future? As with everything computer related I just state don't download anything from an unknown source. Keep software up to date and use anti virus. And the biggest one I constantly say back up your data!
Dear Loi , there is one thing I really did not understand , first you enter the webpage that you want to SQL inject which is Bricks.
You click Login, several login boxes. you just click the first one. when you random enter a name and password. Eventually it gives down below a "SQL QUERY " , you open a terminal and just put that QUERY from the page and paste it. How is that possible you just paste a text and suddenly there is connection between webpage (bricks) and your terminal. then open kali terminall you do this on kali according to the`1` = `1 this code gives you the possibility to log in and also SQL QUERY comes once again down below after you logged in , because you never entered anything about webpage how kali recognized that which page you are trying to do the SQL Injection? at the beginning you did not also enter any IP or something into kali? I d be happy if you could explain
Thank you.
You need to target the input field where it is vulnerable. It is vulnerable when the website is giving a response which is different from an expected input.
@Loi Liang Yang Thank you, I try better, still could not manage thou.
I wanted ask there is other membership, what's content difference in between Cybersecurity course and fullcybersecurity?
Amazing video tutorial! Thanks you so much. I'm currently studying Web Application Penetration Testing. It was very useful for me!
Get your Like!
please make video on session hijacking
Thank you , as a student of sql I see how could this language be used
wow, you're genius! great, thanks
Do website show SQL commands when logging? I can't remember now but that is silly and easy to prevent
Wow-- a thirty-minute presentation in 13 minutes!
even beginners use now prepared statements not to mention salted binary passwords
how did you get how the application talk to the database text ?
Thanks for Mr Yang. Can I have a question? How can I bypass Sqlmap TLS errer?
isnt all sql injection prevented by parameterized queries
Depends how you define that. You cannot modify the query. But you can still inject shit into the database, that should not be there and that might be evaluated later. Javascript for example.
Main problem is to bypass WAF (See below list) with SQLMAP. Second SQLMAP can't bypass XOR base encoding and complex time based query restrictions. Some Pakistani hackers has developed their own version of SQLMAP so called GHURI. Similarly ATLAS tool works best with SQLMAP to suggest best suitable WAF bypass tamper scripts.
Hope to see advance tutorial on these topics soon.
WAF List SQLMAP can't bypass easily 🙁
#1) AppTrana
#2) Prophaze WAF
#3) Cloudflare WAF
#4) Sucuri Website Firewall
#5) AWS WAF
#6) Akamai
#7) Imperva
#8) Citrix WAF
#9) F5 Advanced
#10) Barracuda
#11) Fortinet FortiWeb
#12) SiteLock
Thanks ✅️ 😊 🫂
From VietNam. Thankss
sqlmap misses out on many opportunities like it doesn't work on altoromutual which is prone to basic sql injections
Any website? Good luck getting into mine..... If you're not running a database this won't work. Your heading should be changed to websites using databases. ;)
Hmm... Reasonable. So, if the web running a database from cloud it also wont work sir? Correct me sir, i am just a learner.
@@ferrymeirliyanto3184 Then it's not really your web sever. It's a server of another company running their own database. If you are using their code on your website then yes the SQL injection will work if their site is vulnerable. The best way would be to set up your own web services and database and ensure you know how to keep it locked down well. Make sure you are always keeping your web site (if running Apached2) and it's services including SQL mySQL etc up-to-date with the latest security patches. You also need to ensure your own router is not vulnerable if you are hosting your own web site from home like I do. Then always keep logs and keep an eye on the traffic to ensure nothing suspicious is happening. Make sure your site is always encrypted too (i.e. it has the Lock icon in the address bar and it says your site is secure). You can use Letsencrypt to keep it constantly updated and encrypted with valid certificates. Ultimately if you want to develop a website and host it yourself there is quite a bit to learn and is a steep learning curve to ensure your website is secure. Most people choose to host their website through other companies because it's easier for them and they don't have to learn much and everything is mostly managed by the hosting company. I don't trust anyone except myself and if anything goes wrong I know immediately what has happened and can patch the issue if I have to .
@RDP very clear explanation. Thank you so much sir. I can figure out. Hopefully, one day i can practice what you did.
I am still learn step by step.
Do you have course like udemy or anything else? Want to study from master like you.
@@ferrymeirliyanto3184 Unfortunately I don't have or run courses. I'm too busy running my own electronics business and manage my own web site. The best way to learn though is by reading books and take your time to learn the various languages and study security erratas etc. Also practice penetrationing on your own machine too like Lio Liang Yang shows you in his videos. His content is actually very good especially if you want to practice pen testing.
@@rdp8545 thank you for this enlighten knowledge. Thank you so much sir.
Awesome. Thanks so much Liang Yang :)
you´re awesome man, thanks for sharing.
Good morning sir Loi what tools did you use?
Thank U Sir, love ur contents
Pls help i need code of websites (login pages php)
How can I start learning and being a black hat hacker? What site or forum should I join
Hi dude , i need help, i have just started the bug bounty and have problem because i can't find vulnerability for any website , could you guide my to find a bug easily? i must do something for more learning? tnx for answer me
about your channel: I was looking for copper and I thought it was gold
Thank you Loi and keep up the good work!
How well do filter_input and filter_var in PHP protect against these?