Blind SQL Injection Made Easy

  • Published: 3 Jan 2025

Comments • 37

  • @Nestro1244 3 months ago

    bro idk why but your optimism makes me smile. Thank you! :)

    • @TCMSecurityAcademy 3 months ago

      Gotta be optimistic in today's world! Thanks for watching!

  • @presequel 1 year ago +1

    nice video :) when i did this i used the numbers option as my first payload, it's easier than a simple list with typing the numbers. and i use the little search bar at the bottom of the screen (where you typed in welcome) to type in the chars, not shocking but a little easier than grabbing notepad to do this.

  • @aaftabahmed6876 1 year ago +2

    Insane brother ❤

  • @Ak1r4Yuk1 2 months ago

    I think you can verify also by looking at Content-Length

  • @TheCyb3rM0nk 1 year ago +2

    Stoic Alex🔥

  • @jaywandery9269 1 year ago +7

    What query would you use to determine the table name if you did not have the information that the users table existed?

    • @seancantwell12 1 year ago +4

      It depends on the database software. For example, you could reference the information_schema.tables or all_tables. However, using this query in a blind SQL injection attack might be tricky but I’m sure you could figure it out.

    • @jaywandery9269 1 year ago

      @seancantwell12 thank you, I will definitely try this

    • @Pentester_cybsec 7 months ago

      @seancantwell12 how to determine table and column names in Oracle blind error-based SQL injection? I tried more tricks and queries. All of them failed. If u know the query, pls tell me

    • @adityakiddo6554 7 months ago

      Before that there is one step: service enumeration of SQL DB management systems. Through that you can find a few clues about the syntax and use possible users table names. From the web, through brute force, during live pentesting

  • @sammy49668 1 year ago +1

    great content❤

  • @krlst.5977 1 year ago +3

    I really enjoyed your video, however I am asking you to use some other tools for such tasks. I mean Burp Suite without a subscription is really slow, to solve these SQL labs I used hydra for example, coz it is free and fast unlike the free version of Burp :) Anyway, thanks for such useful videos!

    • @presequel 1 year ago +2

      there is a plugin, i believe it is called turbo intruder, that speeds up the process in burp, maybe that helps (a little). interesting idea to use hydra, i would use sqlmap or zap but never thought of doing it with hydra, will give it a try :)

  • @BadBoyAcademy-o6u 25 days ago

    Good tutorial, but what if the website is not showing that welcome message, how can you know it's vulnerable to SQLi?

  • @kiiturii 1 year ago +1

    would be great if you showed how to do this with other tools, ain't nobody affording pro burp

    • @Wwinstar 11 months ago

      You can easily automate something like this with Python.

    • @kiiturii 11 months ago

      @Wwinstar ok bro🤦‍♀️

  • @coders_algoritmers 11 months ago

    Sqlmap is showing me false positive and unexploitable point detected even though the vulnerability is available. What do I do? Please tell me

  • @kumarsiddappa6118 6 months ago

    Can we get the link for the SQL cheat sheet to understand the underlying DB vendor?

  • @darbrown19 11 months ago +1

    music distracting

  • @aaftabahmed6876 1 year ago +2

    Can we have one video on Sqlmap 😍

  • @VectorGameStudio 1 year ago

    Awesome

  • @ChristianRuiz-yw6ur 1 year ago

    That means the password is not encrypted, right?

    • @seancantwell12 1 year ago

      Correct. In this case, the password was stored in plaintext. However, you could still use this method to find the password’s hash or encrypted value. Then once you have this value, you can attempt hash cracking or decrypting of the password.

  • @vishwagautham704 1 year ago

    Can we use Windows for this activity?

    • @adityakiddo6554 7 months ago

      No problem at all, if skilled you can solve labs like these even on a phone

  • @konallen1510 1 year ago

    If the data is stored in OSS, can it only be stored and not parsed?

  • @imnothacker_ 1 year ago +2

    ❤️😊

  • @Pentester_cybsec 7 months ago

    Pls make a tutorial video for the blind SQL injection with conditional error lab. They provide the table and column names, but in real time we need to find the table and column names. Pls make a video on how to write a query to find table and column names in Oracle blind error-based SQL injection. Tq 🎉

  • @hmidadeusa6286 1 year ago

    Please, brother, teach us how to hack any Tik Tok account without software

  • @r.raskolnickoff1408 1 year ago

    if request userID contains 'AND' send response go away n00b