Automating Boolean SQL Injection and Evading Filters
Sign up for Snyk at
00:00 - Talking about why I like SQL Boolean Injection
01:47 - Opening up the source code to the web app
02:00 - Snyk sponsor segment, talking about how it can find and fix vulnerabilities in your code in real time
04:30 - Demonstrating validating boolean injection with an or statement
07:00 - Showing a small python client I made for this video to play with the SQL Injection, then showing subqueries
09:20 - Showing how to enumerate columns in the database via brute-force guessing because we can’t use information_schema
11:25 - Going over the LIMIT statement so we can control which row we are looking at, then showing LIMIT 2 offset 1 is the same as LIMIT 1,1
15:00 - Showing the SUBSTR command so we can guess individual characters in a column/row
17:05 - Talking about converting a string to number in mysql which makes it possible to guess bad characters
21:45 - Start of creating our script, talking about the 3 functions we need, t
8 views
627
194
9 months ago 00:09:38 1
1. Complete Python for Automation-Introduction to the Python
10 months ago 00:11:22 2
How to Troubleshoot: IC200CPUE05 (GE Versamax CPU/PLC Troubleshooting Tutorial)
1 year ago 01:01:52 8
Automating Boolean SQL Injection and Evading Filters
9 years ago 00:07:37 5
Lesson 4 - Python Programming (Automate the Boring Stuff with Python)