Sign up for Snyk for free: [ Ссылка ]
Some useful resources on SQL Injection:
[ Ссылка ]
[ Ссылка ]
[ Ссылка ]
DISCLAIMER: The demonstration shown in this video is
performed in a controlled lab setup. This video
is for educational purposes only. You can only
perform penetration testing in your own lab
environment and doing it on any live application
is not allowed and it is a crime unless you are a
professional and have appropriate permissions.
In this video, I demonstrated Error-based SQL Injection and by demonstrating it practically on an intentionally vulnerable application called Juice Shop.
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
In this video, we exploit the SQLI vulnerability on Juice Shop
Juice Shop: [ Ссылка ]
You can run juice shop on your computer by simply using Docker (check out the above link to read the instructions on how to do so)
Originally, this video was supposed to contain both Error-based SQLI and Blind SQLI, but since the video is getting very long, I had to split it into two parts. This is part 1 that has the Error-based SQLI demo, the part 2 will have the Blind SQLI demo.
I uploaded part 2 to Odysee (LBRY based app) to support the cause of decentralizing the web. Decentralization means no censorship and content freedom!
Unlike platforms like YouTube (which are biased and controlled by a central authority), decentralized applications are not controlled by any single authority, no one has excessive powers or privileges over these applications, and most importantly they are also open-source so no data theft!
This is why I believe the decentralized web is the future!
Learn more about LBRY (a content-sharing decentralized application): [ Ссылка ]
Watch Part 2 on Odysee: [ Ссылка ]
If you are new to Odysee, you can use my link to signup: [ Ссылка ]
Chapters:
0:00 Disclaimer & What are we going to learn in this video?
1:31 About our sponsors - Snyk
5:06 What is SQL?
5:57 What is SQL Injection?
7:06 SQL Injection on Juice Shop
7:37 Install Juice Shop on your PC with Docker
10:22 Exploiting SQL Injection in the Login feature
18:20 Exploiting SQL Injection in the Search feature
34:39 Using SQL Map to automate SQL Injection
39:35 Error based SQLI vs Blind SQLI
40:31 Using Snyk to find and fix SQL Injection bugs
50:31 End of Part 1
Thanks for watching!
SUBSCRIBE FOR MORE VIDEOS!
Join my Discord: [ Ссылка ]
Follow me on Instagram: [ Ссылка ]
Website: [ Ссылка ]
Blog: [ Ссылка ]
