Learn SQL injection with Rana! Today's video demonstrates three SQL Injection attacks. Her course covers many more (9 hours of content) and you can get free access using the link below. // Labs, scripts and documents // Slides: github.com/rkhal101/Presentations/blob/main/2023/David-Bombal's-Channel/SQL%20Injection%20Video%20with%20David%20Bombal.pdf Lab #1 Link: portswigger.net/web-security/sql-injection/lab-login-bypass Lab #2 Link: portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables Lab #3 Link: portswigger.net/web-security/sql-injection/blind/lab-conditional-responses Lab #3 Python Script: github.com/rkhal101/Web-Security-Academy-Series/blob/main/sql-injection/lab-11/sqli-lab-11.py // Course options // You have multiple options: 1) RUclips: Free to watch: ruclips.net/video/1nJgupaUPEQ/видео.html 2) Udemy: www.udemy.com/course/mastering-sql-injection-the-ultimate-hands-on-course/?referralCode=922314AD50A8EF6BB043 3) Rana's Academy: 50% OFF Coupon Code: "DavidBombal500FF" academy.ranakhalil.com/ Rana explains the differences in this video: ruclips.net/video/tuxukQ4gKOU/видео.html // Real World Example // OTW shows SQL Injection the real world: ruclips.net/video/R1amgARgFDs/видео.html // Book Rana Recommended // Web Application’s Hacker’s handbook 2nd Ed by Dafydd Stuttard US Link: amzn.to/3J90wZa UK Link: amzn.to/3J7H2UT // Rana's SOCIAL // Twitter: twitter.com/rana__khalil Academy: academy.ranakhalil.com/ RUclips Channel: ruclips.net/user/RanaKhalil101 Medium Blog: ranakhalil101.medium.com/ Rana Intigriti Interview: ruclips.net/video/stXkOBZsNYo/видео.html&ab_channel=intigriti // David's SOCIAL // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // TIMESTAMPS // 00:00 Coming up 00:35 Disclaimer 00:40 Intro 01:00 Rana's first course 01:53 Rana's platforms 03:12 Support 04:00 SQL injection overview 05:05 SQL injection theory 09:15 Rana's background 10:19 SQL explanation 11:46 Presentation 13:10 1st lab 16:48 Discussion about practical Labs 17:57 Different types of SQL injection 21:41 2nd lab 32:14 Discussion about teaching 33:04 3rd lab 48:22 Discussion about labs 48:54 Password lockout 50:19 Cookie 51:29 3rd lab conclusion 51:49 Preventing SQL injection 57:57 Course information 58:34 SQL and developers 59:27 Course progression Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
@@catarcticThe course is free on RUclips. But, because some people prefer Udemy, here are 1,000 free places to Rana's course (first 1,000 get the course for free): www.udemy.com/course/mastering-sql-injection-the-ultimate-hands-on-course/?couponCode=AC321B423BA301178A56
Because some people prefer Udemy, here are 1,000 free places to Rana's course (first 1,000 get the course for free): www.udemy.com/course/mastering-sql-injection-the-ultimate-hands-on-course/?couponCode=AC321B423BA301178A56
Thank you both for this great resource. I have been on this journey for a Little and every thing I can learn from this high level technical will help me to move forward. Thank you again . 🎉
Please reply here if you got the course for free! If you didn't get it in time, you can watch the course for free on RUclips here: ruclips.net/video/1nJgupaUPEQ/видео.html
Convenient timing. I'm starting my first bug bounty with a VDP with the Dept. of State. I'm in the Recon stage but based on the progression it's possible I'd probably need a XSS or SQLi to find a bug. I already brought a short but practical course for XSS and now there's this recommended by the RUclipsr who helped me get my CCNA via his Udemy Course, I know I can expect good training content. Good luck to everyone in the comments.
This is awesome !!! I also love that Rana is a woman in this space and a Hijabi woman !! 🙌 it’s great to see, this is my 1st time swing this. Great content David yet again ! Thank you! This channel has alerted me to recent cyber threat methods, taught me so much and has also pointed me in the direction of great learning resources (books, labs, videos, teachers) and it’s super useful especially considering I’m a beginner in cyber security . Thanks ☺️
I LOVE YOU DAVIDDD. you always post great videos and explain it in such a way that's mesmerizing. I turned 17 this 13th of july and i have been watching your videos from the age of 13 . i really appreciate your content. you have given me soo much motivation and inspiration and have inspired me to choose cyber security as a career later in life. LOVE FROM PAKISTAN SIRR🥰🥰
im on a reskilling for employment type of programme and, instead of having my actual TEACHER do his job and explain this himself, he told us to follow this hour-long tutorial. no shade to you, mr. david, im just frustrated with the lack of preparation im getting if i am to get a job in this field.
Good to see you back Rana. Great seeing you back is awesome. you in the security field I believe is one great encouragement to ladies out there to as well join the security field. awesome. Thanks David as well.
David B. Thanks lot man, This is one of your best Videos. This is so helpful with awesome information from Rana. Iam watching this video for 3rd time now. Thank you
Awsome, thanks David. Since February I have devoted myself 5 days a week for 8 hours of learning and educating myself with tryhackme, videos you have published to put me at a level where I can break into the industry, although not successful yet, it has opened my eyes to how vulnerable we really are!! Scary stuff lol😂
This is so profound, even for a learner. I've got an observation and a question, One would need the reconnaissance skill to fins out some details of the web app, like the username of the admin and other registered users, also, would like to know how to use burpe suite to create such proxy and connect the website we working on. is it okay to show few tips of those before diving into the sql injection proper? Thank you
Wow, looks amazing content! Many cheers to David and Rana! And I like her voice too. Is the Udemy course a giveaway too? Because it doesn't look alike by the link provided. Happy weekend to you!
@@davidbombal Oh sorry, I was searching for my glasses everywhere, but they were tilted up on my head 😉 Anyway, all the above still applies! Thanks for these fantastic collaborations, may them be to your growth as well!
@@davidbombal Nuh, I just tried to refer that at the time of writing your comment link didn't appeared yet on my side haha, that's why I searched blindly
Don't be afraid to say we like your backing until we get up and going but we don't want you as a takeover in it we want you to help us show us the correct way to develop
David thank you so much for your work! I love your program. I'm about to buy the book of Occupy the Web "Getting Started Becoming a Master Hacker" but I have a doubt, 'cause I want to know if this book is updated. Could you please tell what you think? thank you again. You are amazing
Hello Mr. Bombal i wanna ask a question if you don't mind. How long you were in IT and cybersecurity and if you got something to say for a 17 years old geek can you tell.
Dear David Bombal, only recent, OccupyTheWeb stated that the old and over-used vanilla-flavored ['admin '- -'] will NOT work, except only in a FEW cases, because over the years Database administrators have wised-up! SQL injection have become MORE sophisticated!
You need to watch the full video and course. As stated in the video, for training purposes we start with easy concepts and then increase the complexity. In the third lab in this video, Rana is doing much more complex stuff.
professor when you interview them and i watch, it seem like the same method i use but i dont find vulns only i tried brute forcing before i gain access and use cred to connect to protocols so please let them tell the magic they use in real world because it seems like studies. please i love your channel soo much thank you professor
Learn SQL injection with Rana! Today's video demonstrates three SQL Injection attacks. Her course covers many more (9 hours of content) and you can get free access using the link below.
// Labs, scripts and documents //
Slides: github.com/rkhal101/Presentations/blob/main/2023/David-Bombal's-Channel/SQL%20Injection%20Video%20with%20David%20Bombal.pdf
Lab #1 Link: portswigger.net/web-security/sql-injection/lab-login-bypass
Lab #2 Link: portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables
Lab #3 Link: portswigger.net/web-security/sql-injection/blind/lab-conditional-responses
Lab #3 Python Script: github.com/rkhal101/Web-Security-Academy-Series/blob/main/sql-injection/lab-11/sqli-lab-11.py
// Course options //
You have multiple options:
1) RUclips: Free to watch: ruclips.net/video/1nJgupaUPEQ/видео.html
2) Udemy: www.udemy.com/course/mastering-sql-injection-the-ultimate-hands-on-course/?referralCode=922314AD50A8EF6BB043
3) Rana's Academy: 50% OFF Coupon Code: "DavidBombal500FF" academy.ranakhalil.com/
Rana explains the differences in this video: ruclips.net/video/tuxukQ4gKOU/видео.html
// Real World Example //
OTW shows SQL Injection the real world: ruclips.net/video/R1amgARgFDs/видео.html
// Book Rana Recommended //
Web Application’s Hacker’s handbook 2nd Ed by Dafydd Stuttard
US Link: amzn.to/3J90wZa
UK Link: amzn.to/3J7H2UT
// Rana's SOCIAL //
Twitter: twitter.com/rana__khalil
Academy: academy.ranakhalil.com/
RUclips Channel: ruclips.net/user/RanaKhalil101
Medium Blog: ranakhalil101.medium.com/
Rana Intigriti Interview: ruclips.net/video/stXkOBZsNYo/видео.html&ab_channel=intigriti
// David's SOCIAL //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// TIMESTAMPS //
00:00 Coming up
00:35 Disclaimer
00:40 Intro
01:00 Rana's first course
01:53 Rana's platforms
03:12 Support
04:00 SQL injection overview
05:05 SQL injection theory
09:15 Rana's background
10:19 SQL explanation
11:46 Presentation
13:10 1st lab
16:48 Discussion about practical Labs
17:57 Different types of SQL injection
21:41 2nd lab
32:14 Discussion about teaching
33:04 3rd lab
48:22 Discussion about labs
48:54 Password lockout
50:19 Cookie
51:29 3rd lab conclusion
51:49 Preventing SQL injection
57:57 Course information
58:34 SQL and developers
59:27 Course progression
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
Thanks David!
The Udemy link doesn't work, regardless it's a giveaway.
@@catarcticThe course is free on RUclips. But, because some people prefer Udemy, here are 1,000 free places to Rana's course (first 1,000 get the course for free): www.udemy.com/course/mastering-sql-injection-the-ultimate-hands-on-course/?couponCode=AC321B423BA301178A56
hy david iam in pakistan and i really like your content can you please give the udemy course for free plz
@@davidbombalsir this link is not working...
@@shahariarking3850 Try again .... fixed...
Thank you for having me on your channel David! I'm very excited about this collaboration 😃
ZazakAllahu Kahir sister Rana
Support and Prayer for you from Bangladesh 🇧🇩💐
Stay blessed and keep making progress
Thank you so much, Rana! You're awesome! Keep killing it :)
Thank you so much Rana
So happy to be collaborating with you Rana! Thank you for everything you do for the community!
MashAllah ما شاء الله
Thank you sister Rana for the beautiful gif ZazakAllahu Kahir.
Support for her from Bangladesh 🇧🇩💐
This is gold! The way she explains everything is amazing. Makes it super simple and easy to follow. Definitely going to check out her full 9hr course.
Agreed! Rana is amazing!
You are One of the Best Teacher in RUclips 🤗
Thank you! Glad you think so!
Because some people prefer Udemy, here are 1,000 free places to Rana's course (first 1,000 get the course for free): www.udemy.com/course/mastering-sql-injection-the-ultimate-hands-on-course/?couponCode=AC321B423BA301178A56
Thank you both for this great resource. I have been on this journey for a Little and every thing I can learn from this high level technical will help me to move forward. Thank you again . 🎉
Please reply here if you got the course for free!
If you didn't get it in time, you can watch the course for free on RUclips here: ruclips.net/video/1nJgupaUPEQ/видео.html
Thank you sir ❤
@@davidbombalthank you sir and Rana this link working properly....
@@davidbombal got the course thank you
9 hours Christmas came early. This Weeknd is going to be fun 🎉 Thank you sir for always coming through
Thanks david and Rana Khalil for this amazing course. Really i am very thankfull to both of you . Lots of love from india
She makes it so easy to comprehend. What an incredible and well spoken instructor. 👏
Convenient timing. I'm starting my first bug bounty with a VDP with the Dept. of State. I'm in the Recon stage but based on the progression it's possible I'd probably need a XSS or SQLi to find a bug. I already brought a short but practical course for XSS and now there's this recommended by the RUclipsr who helped me get my CCNA via his Udemy Course, I know I can expect good training content.
Good luck to everyone in the comments.
Great :) Rana's content is amazing. Port Swigger even wanted to buy her content :)
This is awesome !!! I also love that Rana is a woman in this space and a Hijabi woman !! 🙌 it’s great to see, this is my 1st time swing this. Great content David yet again ! Thank you! This channel has alerted me to recent cyber threat methods, taught me so much and has also pointed me in the direction of great learning resources (books, labs, videos, teachers) and it’s super useful especially considering I’m a beginner in cyber security . Thanks ☺️
Thank you so much, guys! I love your channel, David!
Waooooo, was great to watch this video, thanks for share other level to learn sql injection; Thanks David and Rana 👍,
I LOVE YOU DAVIDDD. you always post great videos and explain it in such a way that's mesmerizing. I turned 17 this 13th of july and i have been watching your videos from the age of 13 . i really appreciate your content. you have given me soo much motivation and inspiration and have inspired me to choose cyber security as a career later in life. LOVE FROM PAKISTAN SIRR🥰🥰
She's really great and talented expert. Very helpful video😊
im on a reskilling for employment type of programme and, instead of having my actual TEACHER do his job and explain this himself, he told us to follow this hour-long tutorial. no shade to you, mr. david, im just frustrated with the lack of preparation im getting if i am to get a job in this field.
God bless you both love to see more people helping others
Took this course on Udemy yesterday
Just one piece of feedback: The font on VS code needs to be a bit larger 😊
Hey, there , just wanna say thanks for such great content and a wide variety of topics, really helpful
Love from South Africa 🇿🇦
absolutely love her ❤❤❤❤
Thank you for making the course available on RUclips, both you guys! God bless
*Very informative and useful fr me* 🙏
Good to see you back Rana. Great seeing you back is awesome. you in the security field I believe is one great encouragement to ladies out there to as well join the security field. awesome. Thanks David as well.
شكرا الاستاذ ديفيد على المعلومات التى تنشرها لنا لك التحية من مصر
its been 11 years since someone teached me sql injection, and i never get bored
David B.
Thanks lot man, This is one of your best Videos. This is so helpful with awesome information from Rana. Iam watching this video for 3rd time now.
Thank you
Amazing Stuff
Rana Khalil
Great video, We need more from Rana! Thanks.
Great content, Again!!
Thank you, David! Thank you, Rana!
just snagged it on udemy, You guyz are amazing. Stay Blessed
very well explained by Rana
I love the way she explains things.
love from village (India) i most watch your video alway awesome
everything explained very clear,,, such a great content david ''' we need more like this
Thank you very much David and Rana!!
This is very interesting. God bless you more ..❤
Thank you David ,good job Rana 👍
this give me goosebump, great content
What a great presentation
Great collection
God bless you sister rana
What a perfect new subject to learn.
David your doing great, bring intalactuls along side with recourses and lab
I appreciate for your kind affort brother
I missed my last chance, not missing this one!!!!! Plus I love SQL work!!!!
The course is free on RUclips, so no rush :)
Awsome, thanks David.
Since February I have devoted myself 5 days a week for 8 hours of learning and educating myself with tryhackme, videos you have published to put me at a level where I can break into the industry, although not successful yet, it has opened my eyes to how vulnerable we really are!! Scary stuff lol😂
Love seeing intelligent women well-versed in cybersecurity 😉😉😁😁
Ya..???? This is best course in RUclips @Rana
Great Course, thank you so much.
Absolutely brilliant stuff David! Where did you find this amazing legend? Rana, thank you so much.....am totally in!
Awesome work @rana and great content @david as usual !! Loved the mathematics joke btw 😀
Thank you sister
الحمدالله
wow great video!
Thanks David and rana ❤❤
imagine having her in the office, Great personality
8 +HOURS OF LAB....SWEET
Thankyou so much great tutorial leart alot😊❤
Love your content ❤
Thank you so much . I have already shut down and deleted over 20 government websites on my country
Great as always 👑
Thank you!
She's Good 👏👏👏💪
This is so profound, even for a learner. I've got an observation and a question, One would need the reconnaissance skill to fins out some details of the web app, like the username of the admin and other registered users, also, would like to know how to use burpe suite to create such proxy and connect the website we working on.
is it okay to show few tips of those before diving into the sql injection proper?
Thank you
Great ❤
RANA BEST TECHER
Realy good content!
the onlyy thing is the background of Ranal video... if i look at the coding, she get blured and all i see is a funny flying head..
Love it!!!!!!!!!!!!!!!!!!!!!
Danggg what an excellent teacher 😅
top,,, i like very good
Thank you David
You're welcome!
Thank again I wating for this ❤
I hope you enjoy the content!
Yes sir thank you ❤️❤️
Perfect Demos for new learners :-)
thank you david SIR !
You're welcome! Rana is amazing and we can learn so much from her!
i love your videos
Masha allha good see you sisters
I was like....whaaaat, this woman looks like an innocent housewife, would never expect this from her...hahaha nicely done
thank you very much ❤❤❤
Fantastic!
Glad you like it! Enjoy the course!
@davidbombal thank you .. I'm just working through blackhat api but will jump on this at some point
Wow, looks amazing content!
Many cheers to David and Rana!
And I like her voice too.
Is the Udemy course a giveaway too? Because it doesn't look alike by the link provided.
Happy weekend to you!
Hint... Look for for my comment :)
@@davidbombal Oh sorry, I was searching for my glasses everywhere, but they were tilted up on my head 😉
Anyway, all the above still applies!
Thanks for these fantastic collaborations, may them be to your growth as well!
@@catarctic You have time to get it... refresh the page and look for my comment :)
@@davidbombal Nuh, I just tried to refer that at the time of writing your comment link didn't appeared yet on my side haha, that's why I searched blindly
Don't be afraid to say we like your backing until we get up and going but we don't want you as a takeover in it we want you to help us show us the correct way to develop
Thanks a lot
Love it 😌...kinda new to this tho
Wow, I'm your next student
You are both always have a very good content
Mashallah
Needed this!
Hope the course helps you! Rana has lots of fantastic content on her channel - even more than this!
@ranakhalil101, we are super proud of you! Well done!
David thank you so much for your work! I love your program. I'm about to buy the book of Occupy the Web "Getting Started Becoming a Master Hacker" but I have a doubt, 'cause I want to know if this book is updated. Could you please tell what you think? thank you again. You are amazing
great video
Thank you! Rana is amazing!
Rana is the real life Trenton from Mr Robot. ☺
Excelente video, mas poderia ter tradução para português Brasil, por favor!
Great video.
Dumb question:
Does that '-- exploit only work if there are no line breaks in an SQL?
Hello Mr. Bombal i wanna ask a question if you don't mind. How long you were in IT and cybersecurity and if you got something to say for a 17 years old geek can you tell.
Hello David, can You make a video about Cyber Security, Thanks
Dear David Bombal, only recent, OccupyTheWeb stated that the old and over-used vanilla-flavored ['admin '- -'] will NOT work, except only in a FEW cases, because over the years Database administrators have wised-up! SQL injection have become MORE sophisticated!
You need to watch the full video and course. As stated in the video, for training purposes we start with easy concepts and then increase the complexity. In the third lab in this video, Rana is doing much more complex stuff.
Thank you boss❤❤❤
Thank you! I'm just trying to help as many people as I can :)
Rana looks like Trenton from mr.robot, she can probably get our credential in a few minute, better do not mess with her 😆
Poucos irão ver até o final!
Few will see until the end!
I’m diving to this
Am aslo
Rana's content is amazing! You'll learn so much!
realy beauty
SQL prepared statements and WAFs are eliminated all SQL injections threats in 2023 😋
Alhamdullah muslim 🙏🙏🙏
professor when you interview them and i watch, it seem like the same method i use but i dont find vulns only i tried brute forcing before i gain access and use cred to connect to protocols so please let them tell the magic they use in real world because it seems like studies. please i love your channel soo much thank you professor