Would you help show the installation of the bricks web app. I have installed it and tried to run it but I receive an error saying there is an error in line 9 in the config.php file.
a lot of guy on youtube share video and some step are skipped and when im trying at ame time i need to start again ,your video , not 1 time i move video backwards good explication . nice job
this was useful like in the 20th century, but now everybody uses libraries to abstract over sql and those utitlize the protection mechanisms against this kind of injection. And even if you don't use libraries, then you can just use escape charaters (eg: &qt) for quoting and all will be fine
there is an answer for your complain under your comment, lmao. " Thank you so much Loi! Your info is extremely valuable for beginners who are trying to make their websites slightly more secure. " It is not about hacking the system, but for teaching beginners to understand what technologies are used to hack, so we beginners can prevent them.
@@altayyerassyl3213 I understand your response now that you commented it 18 hours ago. I agree with you that this information is extremely valuable for beginners, and I actually did the full PortSwigger Labs course on SQL injection myself. However, my comment was written more than a year ago, and back then the video was called “How to scan and PWN any website”. It was NOT called “SQL injection for beginners”. Therefore, I excepted this video to be much more advanced and cover advanced topics applicable to modern times. You can see a lot of comments very similar to mine in that regard. I guess that’s why the author eventually renamed the video from click-bait crap to something useful.
@@strang7739 in general such vulnerabilities are discover by tools, not by people, moreover, specific vulnerabilities like injection vulnerabilities are discovered mostly using white-box analysis, which operates on the source code. It is very rare that black box analysis alone can discover such specific vulnerabilities. Therefore, most of the vulnerabilities are published by the software manufacturers themselves, together with updates fixing those vulnerabilities. However, the hacker gangs try to perform what is known as a zero-day exploit. They target users of the software, who has not updated immediately, and thus hack them using publicly known vulnerability. This is exactly what clop has done. Clop used publicly available exploit to hack into organizations who have not updated the software. 90% of security breaches are actually exploiting already known vulnerabilities and publicly available exploits of the older versions of the software and are happening because users are not updating their software to the newest version. P.s. that’s why you must never disable automatic Windows updates on your PC:)
A simple way to protect input fields is to convert them before they are part of a sql query. It could be as simple as base64(input string). This way the original query can not be injected. You could also modify base64 algo by shuffling the defined character string of the base64 algo.
@@damegaye3051 No. You hash them because if the database is getting hacked, the hackers only got hashed pw instead of plaintext pws. You can crack them with the help of rainbowtables but it needs to be in there to do so.
Maybe I get you wrong but I think what you say isn't working. Instead of base64 them (which means they would decrypted and executed aswell) you should use something like "mysql_real_escape_string" and for security reasons and cleancode aswell you shul typehint them. So, if you are working with GET and POSTS from whereever (even in Cookies, which can be manipulated easily) you should do something like $myGetter = (int) $_GET['myGetter'];
@@callimero2731 There is no need for teamwork lol. SQL injections are plain and simple, either via the list of SQL queries or centralized injection systems that sprout these attacks. This is not movies lol, when hackers work with each other and say: "I'm in!", hahaa. It is usually one perpetrator. Nowadays, due to many services offering DDOS protection, it is more likely to get hit by MTM (man in the middle attacks) that abuses the communication between two users by altering the message or stealing ID_key from either valid communicators and then communicate with 1 of them instead. Though true, DDOS attacks are **sometimes** performed in groups due to sheer overload needed to crash a desired service. Usually, perpetrators turn to bot networks or service injections that use foreign/unauthorized access to vast amounts of computers. Then, they use them to send the payload to the certain service's address. However, due to the filtering systems used nowadays by packet management systems in our devices...it is hardly possible to do anything decent without proxies.
Thank you so much for uploading this, i'm VERY interested in cybersecurity but as far as i know, none of the universities near me have it as a career option and i find your videos to be really informative and entertaining!
Sir, as you are an insane expert in this field we want to know what are the steps you followed to get up to this stage what are the things you followed and etc, please make video on this.
This is actually awesome to show sql injection tools but that was not an SQL injection principle tutorial Thank you for the video btw, very helpful for me! :)
You are great teacher. I am new to cyber security. Have been seeing videos on RUclips and so far you are the best. How can I join your members only channel? I’m quite excited about learning.
Informative video, thank you, but naming it "How to scan and Pwn any website" may be a little misleading. Some people will think that "any" website using a database suffers from sqli, which is not the case
exactly what I was thinking. 95-98% of websites I have seen do not display SQL back to the user on the bottom or in the browser console. there have been some exceptions, this is why it's not 100% but to cover just that case only in a video is a weak idea. so the examples are not realistic. for learning it's ok but for a realistic example, it's not even close to how the real world works 🤷♂️
@@stevema2 You can still encounter some real world applications that suffer from sqli. If the devs are lazy and do not use input validation or/and prepared statements, you may end with an sqli. You don't have to get an obvious sql syntax error to exploit it, some times ou may get a 500 internal error that may be indicative of an sqli. Still, devs are more aware of these issues these days, they use also frameworks that embeds already sqli protection routines. that's why saying "Any website" is misleading good sir Loi Liang Yang
@@tojogamer1733 totally with you. you and I are saying the same thing different ways, just that I haven't seen many web apps where I see a SQL statement being written back to the browser console or in an HTML div. That was my point. There are exceptions but it's not as common which is not "Any website" 😉
Only works for old fashioned PHP-based applications for the most part. There's still quite of few of those out there don't get me wrong. But it is going to be very hard to find any website worth hacking that's still vulnerable to SQL injection.
Exactly - this is like telling people to take advantage of an XP loophole when everyone isn't using XP. ANYONE making a website that doesn't use prepared statements, and input escaping basically shouldn't be doing it. Most people with little to no web skills will probably use an off the shelf CMS like Wordpress and that has all these entry points covered. They'd either do it themselves using that or go to an external design agency who will do it for them. There are so many off the shelf packages and "systems" (squarespace etc) now that having a modern website is so simple my 12 year old can do it. All those websites come out of the box with inbuilt protection against this sort of stuff so this video will only help you against a website that hasn't been updated in years, and is most likely not even relevant any more anyway. Appreciate the content but you should be focusing on the nature of these exploits and what people should be doing to defeat them.
In addition - a lot of "quality" web hosting providers include auto blocking of attempts to run sql injection so repeated attempts will fail (often the first time). I know of one that increases the ban time by a factor of 2 each time it detects such an attack starting at 2 mins for the first attempt. 15 attempts in and you have to wait over 540 hours before the webserver will even speak to your machine to announce it's accepting your connection, let alone run any kind of input for you...
Still part of the ethical hacker courses, so still relevant. Be thankful people take their time to produce such content instead of trying to be a clever shyte.
I literally watch your videos to help secure a web based game I'm making. I have no experience and know people will find ways to cheat the game or take it offline. Ive been using your tricks to clean my code.
what programming languages did u use to make the game ? and are u self taught ? or went to school to learn? if so what online free resources did u use to learn all that. Thanks :)
@@slicker1260 Nobody have the same route towards being a good developer, I tell u what try youtube, coursera, udemy, udacity and just see what suits you, also learn and APPLY don't just learn.
@@ahmedbahaj8786 the learn and apply part is some of the best advice you couldve offered, i took a programming class back in the day, and after i was done with the class i didnt really do anything with the knowledge i gained, so i forgot a decent amount of what i was taught. had to go to another programming course to make sure i was job ready haha.
Hey man, can you make a playlist for all the videos that a noob can watch to learn, like literally someone who just decided to start and completely new to all these jargons, like literally teaching a newbie.
Using parameterized statement would help in sql injection prevention. Also, limiting the permission of the type of DB user would help too. Why should a normal user be granted permission to show all the tables? 🤓
Can you explain in depth how that payload actually fits in the sql query, by commenting other parts of the query? I am a beginner here, can understand some parts not full..
that is what a hacker would call an "air gapped pc" they use similar security measures for highly protected data 1 authorised specialist at a time only transferring data using usb etc only way into a system like that is maybe bribe the computer specialist that has access to insert a usb download the data onto it get it back and open it when you get back to your pc :)
Good eve Loi: I better start studying your videos thanks I learned something tonight it sounds interesting about SQL injection. I just heard it but not quite sure. Anyway thank you Cesar N.
it's actually surprising I understood alot of this since i have only beginner to moderate sql knowledge... but damn is it worth it putting all this effort just to get to someone's privacy? *weird*
Thats why when you run sql injection you need multiple zombies or to run a script that randomizes ip or both so the servers firewall wont trip at the sheer amount of data coming from one computer
Main problem is to bypass WAF (See below list) with SQLMAP. Second SQLMAP can't bypass XOR base encoding and complex time based query restrictions. Some Pakistani hackers has developed their own version of SQLMAP so called GHURI. Similarly ATLAS tool works best with SQLMAP to suggest best suitable WAF bypass tamper scripts. Hope to see advance tutorial on these topics soon. WAF List SQLMAP can't bypass easily 🙁 #1) AppTrana #2) Prophaze WAF #3) Cloudflare WAF #4) Sucuri Website Firewall #5) AWS WAF #6) Akamai #7) Imperva #8) Citrix WAF #9) F5 Advanced #10) Barracuda #11) Fortinet FortiWeb #12) SiteLock Thanks ✅️ 😊 🫂
Thank so much I have searched alot for an excellent channel like this And I want to ask you if you could expand a lot and deep hacking on the future videos I don't want to use this for evil All what I need is to practice and have a good job Keep going I wish you a happy life 💓💓
@Jonathan Dahan The part of your statement "without needing to know what's going on behind the scenes" is the part I am concerned with. I will also add if everything is so secure why the need for PEN testing in the first place? I get the fact that majority of the vulnerability's are cause by the end user. You would think people who head up IT security would be more aware of the simple stuff.
@Jonathan Dahan It would be safe to say then that pen-testers will always be needed to some extend in the industry for the foreseeable future? As with everything computer related I just state don't download anything from an unknown source. Keep software up to date and use anti virus. And the biggest one I constantly say back up your data!
I have started work at Amazon Web Services. Will you be keen to see a day in the life of an AWS cybersecurity professional? :)
Yes 😀
Yes
Yeh. We are waityn
Yes and also process to reqch there
YES YESYESYES
I love this channel:
Straight to the point
No jokes
No advert
Nothing extra outside of just learning content
Great great great 👍🏽👍🏽
Would you help show the installation of the bricks web app. I have installed it and tried to run it but I receive an error saying there is an error in line 9 in the config.php file.
a lot of guy on youtube share video and some step are skipped and when im trying at ame time i need to start again ,your video , not 1 time i move video backwards good explication . nice job
I have started in this beautiful world of content on RUclips, I am new to this and here we go with issues of cybersecurity and ethical hacking
this was useful like in the 20th century, but now everybody uses libraries to abstract over sql and those utitlize the protection mechanisms against this kind of injection. And even if you don't use libraries, then you can just use escape charaters (eg: &qt) for quoting and all will be fine
there is an answer for your complain under your comment, lmao. " Thank you so much Loi! Your info is extremely valuable for beginners who are trying to make their websites slightly more secure. " It is not about hacking the system, but for teaching beginners to understand what technologies are used to hack, so we beginners can prevent them.
the thing to bring out is some sites developed by devs that didn’t aware it. and you were the customer of that site who inputted the cred info 😂
@@altayyerassyl3213 I understand your response now that you commented it 18 hours ago. I agree with you that this information is extremely valuable for beginners, and I actually did the full PortSwigger Labs course on SQL injection myself. However, my comment was written more than a year ago, and back then the video was called “How to scan and PWN any website”. It was NOT called “SQL injection for beginners”. Therefore, I excepted this video to be much more advanced and cover advanced topics applicable to modern times. You can see a lot of comments very similar to mine in that regard. I guess that’s why the author eventually renamed the video from click-bait crap to something useful.
@@kostiaperegudaplop just used sql injection to hit moveit and the US defense lmao, now it doesn’t look dumb does it 😊
@@strang7739 in general such vulnerabilities are discover by tools, not by people, moreover, specific vulnerabilities like injection vulnerabilities are discovered mostly using white-box analysis, which operates on the source code. It is very rare that black box analysis alone can discover such specific vulnerabilities. Therefore, most of the vulnerabilities are published by the software manufacturers themselves, together with updates fixing those vulnerabilities. However, the hacker gangs try to perform what is known as a zero-day exploit. They target users of the software, who has not updated immediately, and thus hack them using publicly known vulnerability. This is exactly what clop has done. Clop used publicly available exploit to hack into organizations who have not updated the software. 90% of security breaches are actually exploiting already known vulnerabilities and publicly available exploits of the older versions of the software and are happening because users are not updating their software to the newest version. P.s. that’s why you must never disable automatic Windows updates on your PC:)
A simple way to protect input fields is to convert them before they are part of a sql query. It could be as simple as base64(input string). This way the original query can not be injected. You could also modify base64 algo by shuffling the defined character string of the base64 algo.
Thats why we gotta hash passwords??
@@damegaye3051 No. You hash them because if the database is getting hacked, the hackers only got hashed pw instead of plaintext pws. You can crack them with the help of rainbowtables but it needs to be in there to do so.
Maybe I get you wrong but I think what you say isn't working.
Instead of base64 them (which means they would decrypted and executed aswell) you should use something like "mysql_real_escape_string" and for security reasons and cleancode aswell you shul typehint them. So, if you are working with GET and POSTS from whereever (even in Cookies, which can be manipulated easily) you should do something like $myGetter = (int) $_GET['myGetter'];
@@timmytainment i cracked a hash some time ago, and the password was 1233abcd.. lol
Use prepared statement, hash and salt the password.
You are the only person who discusses hacking material on RUclips but RUclips doesn't block you, I like your style, you are my guide
@@900dm4n oh god, sure:)
i have no clue what to do with this but ill keep it in mind
@@callimero2731 There is no need for teamwork lol. SQL injections are plain and simple, either via the list of SQL queries or centralized injection systems that sprout these attacks. This is not movies lol, when hackers work with each other and say: "I'm in!", hahaa. It is usually one perpetrator. Nowadays, due to many services offering DDOS protection, it is more likely to get hit by MTM (man in the middle attacks) that abuses the communication between two users by altering the message or stealing ID_key from either valid communicators and then communicate with 1 of them instead. Though true, DDOS attacks are **sometimes** performed in groups due to sheer overload needed to crash a desired service. Usually, perpetrators turn to bot networks or service injections that use foreign/unauthorized access to vast amounts of computers. Then, they use them to send the payload to the certain service's address. However, due to the filtering systems used nowadays by packet management systems in our devices...it is hardly possible to do anything decent without proxies.
@@Guide4Ever Thank you, it was just my opinion
@@callimero2731 who tf is using sqli for ddos?
u can extract data from website that us vulnerable to this exploit.
I like how you explain all in simple terms...
Thank you so much for uploading this, i'm VERY interested in cybersecurity but as far as i know, none of the universities near me have it as a career option and i find your videos to be really informative and entertaining!
tryhackme and hack thebox u probally found it now
where do you live?
Thank you Mr.Yang. You helped me to graduate from university. THANK YOU! :)
Sir, as you are an insane expert in this field we want to know what are the steps you followed to get up to this stage what are the things you followed and etc, please make video on this.
This is useful information so important about 95% of vulnerability disclosure programs are all looking for this vulnerability
I like how the video is entitled "Learn from a pro hacker now" this got me to watch this fr
I actually think I love you. Every video you make basically saves me 1-2 months of life, I seriously can't thank you enough!!! Just yes
Sus
@@rcsxuth8594 idc
@@JohnRobertPotter u were like : omg..>! i think im in love with you!
@@rcsxuth8594 yep
@@JohnRobertPotter nope sus still if u say idc then u sussy baka and if u try to cheat the system u gay af fr
I want to thank you for inspiring me to take up Cyber Security. I just paid for your training on Udemy.
Don’t fool anyone, you’re going to become a hacker!
@@Hephasto no harm on that , how are we gonn improve our security if there is no one to hack it 😜😜
@@hamzajon8823 if there was no hackers there would be no need to secure anything, does it make sense?
@@Hephasto and so millions of jobs would be gone
I love this video. Got me excited about Pentesting again
Thank you for making this. I am getting into backend webdev and this helped me audit my own code. Thanks!
This is actually awesome to show sql injection tools but that was not an SQL injection principle tutorial
Thank you for the video btw, very helpful for me! :)
Thx for making my requested video!! Apreciate it!
this is fixed years ago. using escape characters or isolating the input. Basically, just proper programming practices will do the trick.
Devs are gods in earth
Yeah, now all modern languages have build-in escaping or ORMs. This vulnerability dead from ~2007.
@@AngelVlad100 super agree
@@AngelVlad100 haha lol ...sql injection is still no 3
@@PastEventsTV I know, but I didn't see any actual public website with such vulnerability for the last 10 years.
You are great teacher. I am new to cyber security.
Have been seeing videos on RUclips and so far you are the best. How can I join your members only channel?
I’m quite excited about learning.
Next to the subscribe button, there is a join button. You have to pay for it
mostly of the ORMS in the market today treat this issue. But in my college times i have enjoyed this :)
Subscribed - learnt more in 5 mins than 5 years
This is crazy I'm glad I saw this red team security demonstration
Informative video, thank you, but naming it "How to scan and Pwn any website" may be a little misleading. Some people will think that "any" website using a database suffers from sqli, which is not the case
It should be titled "**some old websites".
exactly what I was thinking. 95-98% of websites I have seen do not display SQL back to the user on the bottom or in the browser console. there have been some exceptions, this is why it's not 100% but to cover just that case only in a video is a weak idea. so the examples are not realistic. for learning it's ok but for a realistic example, it's not even close to how the real world works 🤷♂️
@@stevema2 You can still encounter some real world applications that suffer from sqli. If the devs are lazy and do not use input validation or/and prepared statements, you may end with an sqli. You don't have to get an obvious sql syntax error to exploit it, some times ou may get a 500 internal error that may be indicative of an sqli. Still, devs are more aware of these issues these days, they use also frameworks that embeds already sqli protection routines. that's why saying "Any website" is misleading good sir Loi Liang Yang
@@tojogamer1733 totally with you. you and I are saying the same thing different ways, just that I haven't seen many web apps where I see a SQL statement being written back to the browser console or in an HTML div. That was my point. There are exceptions but it's not as common which is not "Any website" 😉
@@DirePantsDim there are some new websites who still suffer from sqli
Only works for old fashioned PHP-based applications for the most part. There's still quite of few of those out there don't get me wrong. But it is going to be very hard to find any website worth hacking that's still vulnerable to SQL injection.
can't believe why this channel has only 261k subscribers
Thank you so much Loi! Your info is extremely valuable for beginners who are trying to make their websites slightly more secure.
Compared to the mischief i used to get up to 20 years ago, can i just say this is absolutely WILD stuff. So, so very tempting....😬
4:24 in as of commenting this. Thats super creative, just getting it to put syntax into its message. Legit classic movie style.
Wat do u mean. Hope u dont mean that, Thats a virus!!!
@@francesgisondi7216 Hope I don't mean what?
I mean, just escape your damn SQL. Take advantage of libraries such as PHP's pdo, nobody has got pwn'd like this since the early 2000's.
Exactly - this is like telling people to take advantage of an XP loophole when everyone isn't using XP. ANYONE making a website that doesn't use prepared statements, and input escaping basically shouldn't be doing it. Most people with little to no web skills will probably use an off the shelf CMS like Wordpress and that has all these entry points covered. They'd either do it themselves using that or go to an external design agency who will do it for them. There are so many off the shelf packages and "systems" (squarespace etc) now that having a modern website is so simple my 12 year old can do it. All those websites come out of the box with inbuilt protection against this sort of stuff so this video will only help you against a website that hasn't been updated in years, and is most likely not even relevant any more anyway.
Appreciate the content but you should be focusing on the nature of these exploits and what people should be doing to defeat them.
In addition - a lot of "quality" web hosting providers include auto blocking of attempts to run sql injection so repeated attempts will fail (often the first time). I know of one that increases the ban time by a factor of 2 each time it detects such an attack starting at 2 mins for the first attempt. 15 attempts in and you have to wait over 540 hours before the webserver will even speak to your machine to announce it's accepting your connection, let alone run any kind of input for you...
@@andyjackson3663 do you know some of the more effective attacks being used today like xss or something else ?
It's still plenty common in websites up today, even ones that are brand new.
Still part of the ethical hacker courses, so still relevant. Be thankful people take their time to produce such content instead of trying to be a clever shyte.
I literally watch your videos to help secure a web based game I'm making. I have no experience and know people will find ways to cheat the game or take it offline. Ive been using your tricks to clean my code.
what programming languages did u use to make the game ? and are u self taught ? or went to school to learn? if so what online free resources did u use to learn all that. Thanks :)
@@slicker1260 Nobody have the same route towards being a good developer, I tell u what try youtube, coursera, udemy, udacity and just see what suits you, also learn and APPLY don't just learn.
@@ahmedbahaj8786 the learn and apply part is some of the best advice you couldve offered, i took a programming class back in the day, and after i was done with the class i didnt really do anything with the knowledge i gained, so i forgot a decent amount of what i was taught. had to go to another programming course to make sure i was job ready haha.
Using the information will takes you to the the right way for more information
Very easy to follow and understand,thank you very much.
This is why I prefer PDO over mysqli. PDO is so much harder to inject with.
You have got 1 new subscriber from me
Hey man, can you make a playlist for all the videos that a noob can watch to learn, like literally someone who just decided to start and completely new to all these jargons, like literally teaching a newbie.
Study CSS, C+ and java
as a beginner everyone will tell you do this do that ! ... but man you have to figure it out by yourself whether you google or watch you tube videos
impressive truely a master programer Salute...😎
Using parameterized statement would help in sql injection prevention. Also, limiting the permission of the type of DB user would help too. Why should a normal user be granted permission to show all the tables? 🤓
Hi, I need good databases about Spain for a project.
I also want to join a good group of harckers to buy tools. THANKS
Which command you use to go the word list at 05:02 sec
congrats bro,you got 1m
Thanks so much Loi. This is awesome content.
Can you explain in depth how that payload actually fits in the sql query, by commenting other parts of the query? I am a beginner here, can understand some parts not full..
Wow-- a thirty-minute presentation in 13 minutes!
Well entire video goes over my head.
Thank you sir, we need more classes!!
Thank you , as a student of sql I see how could this language be used
about your channel: I was looking for copper and I thought it was gold
if i was using windows 7 without internet connection and just playing spyder solitaire what would that mean for hackers?
that is what a hacker would call an "air gapped pc" they use similar security measures for highly protected data 1 authorised specialist at a time only transferring data using usb etc only way into a system like that is maybe bribe the computer specialist that has access to insert a usb download the data onto it get it back and open it when you get back to your pc :)
Hello @Loi Liang, thanks for this tutorial.. but i would like to say, how effective is SQLi on react,and node js apps ?
I was given access to the complete meta database by the meta AI LLM from a jailbreak prompt.i can browse it like I'm at the public library.
Thank you very. A very very important and informational video learned good things.
Good eve Loi:
I better start studying your videos thanks I learned something tonight it sounds interesting about SQL injection.
I just heard it but not quite sure.
Anyway thank you
Cesar N.
it's actually surprising I understood alot of this since i have only beginner to moderate sql knowledge... but damn is it worth it putting all this effort just to get to someone's privacy? *weird*
Great video, could you do a tutorial on John the ripper please?
Online manual is a good place to start
Thats why when you run sql injection you need multiple zombies or to run a script that randomizes ip or both so the servers firewall wont trip at the sheer amount of data coming from one computer
always love your content loi
look a function mysqli_ mysqli_real_escape_string etc this is secure functions
This was very helpful thANKH you.
how to setup the brick web application in kali linux? Does anyone have tutorials about it ?
it worked, it worked. thank you so much.
sqlmap misses out on many opportunities like it doesn't work on altoromutual which is prone to basic sql injections
amazing sir.
from Indonesia
Main problem is to bypass WAF (See below list) with SQLMAP. Second SQLMAP can't bypass XOR base encoding and complex time based query restrictions. Some Pakistani hackers has developed their own version of SQLMAP so called GHURI. Similarly ATLAS tool works best with SQLMAP to suggest best suitable WAF bypass tamper scripts.
Hope to see advance tutorial on these topics soon.
WAF List SQLMAP can't bypass easily 🙁
#1) AppTrana
#2) Prophaze WAF
#3) Cloudflare WAF
#4) Sucuri Website Firewall
#5) AWS WAF
#6) Akamai
#7) Imperva
#8) Citrix WAF
#9) F5 Advanced
#10) Barracuda
#11) Fortinet FortiWeb
#12) SiteLock
Thanks ✅️ 😊 🫂
Thank so much
I have searched alot for an excellent channel like this
And I want to ask you if you could expand a lot and deep hacking on the future videos
I don't want to use this for evil
All what I need is to practice and have a good job
Keep going
I wish you a happy life 💓💓
ypu are my best mentor love your videos
you deserve subscribe
Loi I have a question about reverse engineering in android,,,,,how possible is it guarantee to bypass apps functions?
It's is easy to understand,very good
I am not a beginner. I had sql topics at the bachelor. I use technologies such as hadoop
You're a pro Boss Loi Liang Yang
Nice bro, i have so much learnee from you!!!!
would this tutorial be a begginer for testing a solo project websites for any vulnerabilities of a said project?
Good morning sir Loi what tools did you use?
how to Pwn Any Website from 199x, but "in the theory" explanation is good
Hi, man, thanx for vid, could you explain where did you get sql select command, I mean where is it possible to see this command to DB from website?
Great insight and explanation on SQLI! This is great!
Love the way you explain things ..keep up the info
Most stuff has a WAF that blocks sqlmap etc.. Even with the WAF param... Even small hosts
Informative and scary at the same time.
@Jonathan Dahan The part of your statement "without needing to know what's going on behind the scenes" is the part I am concerned with. I will also add if everything is so secure why the need for PEN testing in the first place? I get the fact that majority of the vulnerability's are cause by the end user. You would think people who head up IT security would be more aware of the simple stuff.
@Jonathan Dahan It would be safe to say then that pen-testers will always be needed to some extend in the industry for the foreseeable future? As with everything computer related I just state don't download anything from an unknown source. Keep software up to date and use anti virus. And the biggest one I constantly say back up your data!
Thanks for Mr Yang. Can I have a question? How can I bypass Sqlmap TLS errer?
having problems with website, when I click login or really anything else it redirects me to the owaspbwa shit version of the website, any help?
Wow so glad I joined your channel
Thanks our beloved lecturer ♥️
Great video
Please can u explan from where to start to be hacker?
I think he already made a video. But you could start with hackthebox or tryhackme if you want to look if its the right thing for you
Anyone else got an ad with an old man telling u to do his sql course "instead of watching the random yt video"?
Thanks for your information and cooperation sir
wow, you're genius! great, thanks
You are really awesome lecturer.
Tysm for tutorial. Love you sir..😊💐💐
From VietNam. Thankss
even beginners use now prepared statements not to mention salted binary passwords
Respect from brazil.
VIVA CRISTO REI.
Subbed but prepared statements should nullify these types of attacks.
do you have any idea some application only can install single computer , and how to it system work ?
Amazing video tutorial! Thanks you so much. I'm currently studying Web Application Penetration Testing. It was very useful for me!
Get your Like!
Awesome. Thanks so much Liang Yang :)
Thank you !! You made me curiuos
How well do filter_input and filter_var in PHP protect against these?
Mr. Loi Liang Yang: What Terminal Emulator is on screen ? Where and how to download and install. Thanks in advanced, 👍🏼👍🏼
How can I start learning and being a black hat hacker? What site or forum should I join