@@LoiLiangYang Thank you very much, I also sent you a message on udemy, I'm watching videos on payload on Android but I had problems in practice I write to you thanks again, and I must say you teach well good ☺️
Additionally, you look for vulnerabilities in the input fields by throwing in payloads to get error. This is important because once you discover the vulnerability, the advanced segment of using UNION to pull out more data comes in to play.
I can’t express how underrated your channel is considering how amazing & valuable content you are providing. Keep it up man, major hats off to you! Lots of love from India 🇮🇳
Lot of Respect to your Work Sir. Like a consistent student who regularly watches your video but I have a query from where u get sql payload can u make a video on that how to find or check payload available
Mr Loi, you used the SQL injection attack with a completely different method. I thought you would run code like or '1=1# or or 8888=8888--. Then you will find the tables and columns on the site. I thought you would capture it. I can use sqlmap, but I cannot do it manually. Because I didn't fully understand how to do it.
and how did you discovered those were valid fields on the user table? ..how did you discovered the table name? how did you discovered the type of database ? ... if this is an advance tutorial you should explain how did you came up with the payloads , not just to do a copy paste
Let me confess that you're the best Loo Liang.... I want to make just one request.... make a video that would cover how to locate a phone number currently working and combined with one which is not currently working thanks
Hello, some cyber security expert told me that real site is not actually attacked in this way. Do you think this is true? Should I try your suggested method if I want to attack any site? Please reply. I want to ask one more thing. What is a sql map? What is the difference between sql map and this specified method? How can we do this?
Is this advanced? Can you make an even more advanced one where you talk about information_schema etc and find the tables manually without being given the stuff like in this video, or bomb shells or writing or reading mitigation
If I may know, does cyber security pay well? Average per year? And which one makes more money, cyber sec or game development company? I'm interested in both fields but I don't know which one to choose....
Man your first union select query, was it fluke or actually there were 9 columns in users table? Also can you explain why you used /**/? Finally all the columns except the last one in the users table were string type?
Really well explained! What I would like to have are more realistic attacks. I mean are there actually still up to date webapps with that kind of vulnerabilities? What would a SQL injection look like in realistic scenario? Still a great video :)
@@roniwinchester8351 ??? What are you even talking about. That's what this channel is all about. He's already showing how to hack. If the title says advanced I dont want to see most basic stuff.
Very educational. Thank you for create this Chanel. but honestly, I'm still not very good at understanding English so please help me to provide Indonesian subtitle. i'm from Indonesian btw.🙏🙏🙏🙏🙏
Iam student from India. There are no major degree in cybersecurity , where I live. Can I take Information technology or Computer Science degree to get started in cybersecurity field?? Can you give me a suggestion to get started in the field. I was more passionate about it...
Great video. Could you please tell me how to test SQLi for below API call? This endpoint support GET, POST and DELETE method also. GET /api/v1/user/profile/123. If there is any article or video on finding SQLi, XSS, CSRF on API's, please share
This depends on the database right? I mean would the query be the same if the website was using a different database and if not then how would you know what query to use? do you just have to keep trying ?
Hi, I bought the course, can I write to you privately for any questions? thanks you are the best
Yes. Feel free to post your questions in Udemy and our team will get right back to you! If you're a RUclips member of this channel, likewise too!
@@LoiLiangYang Thank you very much, I also sent you a message on udemy, I'm watching videos on payload on Android but I had problems in practice I write to you thanks again, and I must say you teach well good ☺️
how do i port forward for with smartphone connection
How can I become a youtube member ?
@@LoiLiangYang could you please make a video for hacking database using sql injection . All techniques possible
Additionally, you look for vulnerabilities in the input fields by throwing in payloads to get error. This is important because once you discover the vulnerability, the advanced segment of using UNION to pull out more data comes in to play.
Plz do SQL injection video of Login Page having Captcha. All videos on internet shows only on Login page having Username and Password
Loi is the best security instructor on RUclips .
Thanks from 🇨🇵
I can’t express how underrated your channel is considering how amazing & valuable content you are providing. Keep it up man, major hats off to you! Lots of love from India 🇮🇳
Even me
Your voice is so soothing and smooth. Handsome, smart, effective.
You are a life changer for me. I always wanted to do ethical hacking. And now i work on a univeruity
Thanks my teacher, i have hijack a website using your way. And now i have 1000% full access -
In pandemic time ur spending ur precious time to teach 4r us sir,by cing ur cls.. in udemy we have learnt Sir tq sir.
make a video about SQL injection filter bypassing
Love ❤️ from India 🇮🇳
🇮🇳
Love ❤️ from Turkey 🇹🇷
1st & 2nd cmt from BD but pinned cmt fro. in. Really this is heart Broken think.😔🙄😒🤔
@@secretmystery8305 don't worry bro.... Good luck for next time....
@@X-secular Thank You So Much. :)
But what about the Salt into Hashing.. Almost everyone does it now... A salted hash can't be reversed.
this is great man, exactly same as what i leran from school
Lot of Respect to your Work Sir.
Like a consistent student who regularly watches your video but I have a query from where u get sql payload can u make a video on that how to find or check payload available
Loi I learn more from you in a 5 minute video rather than someone else’s 15 min video
Underrated channel
I just can't wait for other videos, much love from Kenya
Mr Loi, you used the SQL injection attack with a completely different method. I thought you would run code like or '1=1# or or 8888=8888--. Then you will find the tables and columns on the site. I thought you would capture it.
I can use sqlmap, but I cannot do it manually. Because I didn't fully understand how to do it.
Please I need a video on how to access friends contact list by Link. Or by generating a payload.
Thanks
Love From Bangladesh :)
you are The best by the way i am You Fan i saw every videos
Your good brother,your tutorials are understandable
Love from INDIA ❤️
How would you know the exact name of a table and it's columns?
hey u are a osm osm hacker wow i am fast time see your channel from india and u grow more
Thanks mr loi for teaching me
wow, wonderful, we want more tutorials. thank you so much for sharing this valuable hacking method. take love from Bangladesh
and how did you discovered those were valid fields on the user table? ..how did you discovered the table name? how did you discovered the type of database ? ... if this is an advance tutorial you should explain how did you came up with the payloads , not just to do a copy paste
Good channels are mostly under rated... Very useful content.... yesterday i was looking for this... 🖤🖤🖤
how to use this teqnique when there is no searchbar and there is only login and password fill forms?
Let me confess that you're the best Loo Liang.... I want to make just one request.... make a video that would cover how to locate a phone number currently working and combined with one which is not currently working thanks
Hello, some cyber security expert told me that real site is not actually attacked in this way. Do you think this is true? Should I try your suggested method if I want to attack any site? Please reply. I want to ask one more thing. What is a sql map? What is the difference between sql map and this specified method? How can we do this?
Wow i was inpressed SQL Injection should not be as difficult its all on what happens on the server.
Thank you sir ❤️ love from india ❤️❤️
Bro where i can learn ethical hacking from basics to advance
Is this advanced? Can you make an even more advanced one where you talk about information_schema etc and find the tables manually without being given the stuff like in this video, or bomb shells or writing or reading mitigation
I think for hashing MD5 algorithm is not the industry standard.
If I may know, does cyber security pay well? Average per year? And which one makes more money, cyber sec or game development company? I'm interested in both fields but I don't know which one to choose....
I'd say cyber security but with game development it varies on your position as with cyber security
Man your first union select query, was it fluke or actually there were 9 columns in users table? Also can you explain why you used /**/?
Finally all the columns except the last one in the users table were string type?
Love from Bangladesh 🇧🇩❤️😊
hacker from bd i see
@@mukto2004 🇹🇷🇧🇩🇩🇿🇮🇳🇵🇰🇨🇳🇷🇺🇺🇲🇬🇧 Most of the hackers are from these countries.
@@b07x pak ? How ?
How can monitor mobile traffic using wireshark
You are great teacher sir I have learned many things from you Much love and support to you❤❤💯
how can i come up with that union select, kinda weird
make a video on API
Really well explained! What I would like to have are more realistic attacks. I mean are there actually still up to date webapps with that kind of vulnerabilities? What would a SQL injection look like in realistic scenario? Still a great video :)
understanding means "Etichal Hacking" they never attack other people in real life. it's all about demonstrated
@@roniwinchester8351 yes but the video title is "Advanced SQL Injection Tutorial". What he showed is the least level of diffidulty possible
@@Zero5309 then learn in google, you can't force anyone to teach you how to hack in real world.
@@roniwinchester8351 ??? What are you even talking about. That's what this channel is all about. He's already showing how to hack. If the title says advanced I dont want to see most basic stuff.
If you want to see real SQL xss attacks check for bug bounty videos. Or videos of how the winners of a bug bounty won the bounty.
Thank you sir for making this video 🇮🇳🇮🇳🇮🇳🇮🇳🇮🇳
I just understood why my moms movies site account, one year ago got hacked😂 SQL Injection is way too powerfull :)
In the payload does I can Write just
SELECT * FROM users ??
Love from Bangladesh 🇧🇩
Nice. look 1st 2 cmt from bangladesh. I think all Bangli Love Hawking Like Me :)
@@secretmystery8305 I am also come from Bangladesh 🙂..
@@rafin5651 nice :)
@@secretmystery8305 yeah ...😁
@@rafin5651 lets hack uuuuuu 😀😅
Please make a video on sql injection shell upload using sqlmap.
Thnq my teacher, you're the best of the best
Love from sri lanka 🇱🇰🇱🇰🇱🇰
By the way how did you run samsung android framework on windows in previous videos
Bro can u plz tell how many langauge we have to know to become network pentester ?
Such amazing Hacker ❤️
Very educational. Thank you for create this Chanel. but honestly, I'm still not very good at understanding English so please help me to provide Indonesian subtitle. i'm from Indonesian btw.🙏🙏🙏🙏🙏
your program languague to write this lab ? PHP and MYSQL
Love ❤️ from India 🇮🇳
Can i get a heart ??
Does this work on TEST websites or for real ones? I know few shitty websites and would love to hack it, ?
But all this attack doesn’t work on live website, why???
What do you think /**/ is for?
Commenting things out..
Can you do a Lesson on Beef / Ngrok / Portforwarding on WAN. Just dont get it working..
wordpress hacking tutorial plzzz
Love 💞 from Nepal 🇳🇵
KEEP GOING MY FRIEND 😎👍
Great content😎😎😎 Sir keep it up 👍
Love from indonesian 🇮🇩 :)
Thanks been waiting for this..❤️
Quantitys
Dude my freind u are a legend
Bro wr are u from
if it doesnt work on a website then other sql payloads wont work as well?
Iam student from India.
There are no major degree in cybersecurity , where I live.
Can I take Information technology or Computer Science degree to get started in cybersecurity field??
Can you give me a suggestion to get started in the field.
I was more passionate about it...
Great video. Could you please tell me how to test SQLi for below API call? This endpoint support GET, POST and DELETE method also.
GET /api/v1/user/profile/123.
If there is any article or video on finding SQLi, XSS, CSRF on API's, please share
Check for improper access control, You might find some juice
This guy teach so good !!!
Keep upload more videos related to sql
so this is union based sql injection sir ?
Loi how i can get owasp juice shop on my kali ? Am i need to download ova or iso image with running juice shop ?
This depends on the database right? I mean would the query be the same if the website was using a different database and if not then how would you know what query to use? do you just have to keep trying ?
Check the whatweb data of the website. It will show in the result which database language has been used.
@@bakedtomatohh807 thank u
Nice video 👍👍👍
if i don t have this rest/products ?
sir pls make sqlmap videos 🙏🏻 thanku
Next: advance server side request forgery
You're great sir !
Please sir teach us how to skip 2 steps verification code in gmail please sir
If the password is hashed using Bcrypt I think it would be hard to decrypt
woooooh amazinf simple tutorial
what to do if domain is Locked?
What is advanced in it?....This is a basic SQL injection.... kindly make video on obfuscating WAF on SQLi
Thanks alot mr.sir
wtf is mr.sir
Mr.sir means mr.teacher
thank you very much
you profstional strong
Master of masters!
Awesome 🔥🔥🔥🔥🔥
Love that 9:07
Is it possible to decrypt password_hash() security ???
How are search engines Hacked
Awesome video!
Glad you enjoyed it
What is the use of /**/ in sql statement?
It's a replacement for a space character because /**/ is a comment in SQL-Syntax. But it's actually not needed in this case.
My response can be regarded as just as shot in the dark bro as I am still a no-eye deer, hahaha.
What's with the /**/ ??
All the rest is self-explanatory
good tutorial
Best 👍