Live Hacking: SQL Injection For Beginners (Part 1)
Sign up for Snyk for free: snyk.co/techraj
Some useful resources on SQL Injection:
snyk.io/blog/sql-injection-ch...
snyk.io/learn/sql-injection/
snyk.io/blog/sql-injection-or...
DISCLAIMER: The demonstration shown in this video is performed in a controlled lab setup. This video is for educational purposes only. You may only perform penetration testing in your own lab environment; doing it on any live application is not allowed and is a crime unless you are a professional and have appropriate permissions.
In this video, I demonstrate error-based SQL injection practically on an intentionally vulnerable application called Juice Shop.
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
In this video, we exploit the SQLi vulnerability in Juice Shop.
Juice Shop: github.com/bkimminich/juice-shop
You can run Juice Shop on your computer using Docker (see the link above for instructions on how to do so).
Originally, this video was supposed to contain both error-based SQLi and blind SQLi, but since the video was getting very long, I had to split it into two parts. This is part 1, which has the error-based SQLi demo; part 2 will have the blind SQLi demo.
I uploaded part 2 to Odysee (LBRY based app) to support the cause of decentralizing the web. Decentralization means no censorship and content freedom!
Unlike platforms like KZread (which are biased and controlled by a central authority), decentralized applications are not controlled by any single authority, no one has excessive powers or privileges over these applications, and most importantly they are also open-source so no data theft!
This is why I believe the decentralized web is the future!
Learn more about LBRY (a content-sharing decentralized application): lbry.com/
Watch Part 2 on Odysee: odysee.com/@techraj156:4/sql-...
If you are new to Odysee, you can use my link to sign up: odysee.com/$/invite/@techraj1...
Chapters:
0:00 Disclaimer & What are we going to learn in this video?
1:31 About our sponsors - Snyk
5:06 What is SQL?
5:57 What is SQL Injection?
7:06 SQL Injection on Juice Shop
7:37 Install Juice Shop on your PC with Docker
10:22 Exploiting SQL Injection in the Login feature
18:20 Exploiting SQL Injection in the Search feature
34:39 Using sqlmap to automate SQL Injection
39:35 Error based SQLI vs Blind SQLI
40:31 Using Snyk to find and fix SQL Injection bugs
50:31 End of Part 1
Thanks for watching!
SUBSCRIBE FOR MORE VIDEOS!
Join my Discord: / discord
Follow me on Instagram: / teja.techraj
Website: techraj156.com
Blog: blog.techraj156.com
Comments: 264
Watch part 2 on Odysee (LBRY based decentralized content-sharing application): odysee.com/@techraj156:4/sql-injection-part2 Also, check out Snyk: snyk.co/techraj
@bdas8420
3 years ago
Ok after 50 min
@krish7021
3 years ago
What are your qualifications
@ayushchampatiray7768
3 years ago
Would this work in case of an Ajax request where content type is just one string (application/x-www-form-urlencoded)
Need more content like this.
@Iuffycs
3 years ago
@📌Pinnedby Tech Raj KZread okay KZread Bot
the quality of his video- 101% KZread messing with his channel - 2000% result - max 10k viewers :/
@itskiller8012
3 years ago
True😢😢
@appyviral8753
3 years ago
YT saw your comment and gave the video a bit of a boost 😀
@singhisking821
2 years ago
@@appyviral8753 lmao
Raj I can't thank you enough for this beautiful and instructive content on SQL injection. I have learned a ton of new things. We need more content like this especially for bug bounty hunting. Thanks bro!!👍🏽🙏🏽
Need these types of videos from you
WE NEED MORE!!
Loved it, need more lessons like this, thank you ❤️🔥
Expecting more content like this 🙏🙏🙏
was waiting for a long time
@harshitsinghGRIND
3 years ago
@📌Pinnedby Tech Raj KZread are you able to see who subscribed you?+ which browser do u love the most?
Good one I would not see any Indian Course But today I am Proud of You Thank You Anna
Dude thanks a lot man ur vids are really informational
Very informative as always ❤
There are many videos on SQL and I have learned but not the complete and it's interesting to learn from your favorite KZreadr
Great content. Expecting more content like this.
Underrated channel... the incredible way of exploitation explanation, hats off dude. Keep growing bro.
We want more of these type of videos ! You are doing a great job
_Raj_ *Make some great courses please*
I didn't know that SQL can be used for this, I thought it was useless while learning it in my class😊 But now😍
@NexPlayy
6 months ago
🤣🤣🤣🤣
Great tutorial bro , i hope u'll be making more of these cool content . 👏🏻
@priyansh5233
2 years ago
@📌Pinnedby Tech Raj KZread Scammer.
GREAT VIDEO THANK You FOR MAKING IT
We need more content like this more
Most ignored thing in the world : This video's *DISCLAIMER* 😂😂
NICE VIDEO BHAI, liked it a lot
very Informative 👍👍
After giving a watch, I downloaded the video. Not sure if youtube removes this one too!
Want more content like this🔥
Dude lot of thanks ❤️ good information
You are doing great work, please continue this series.
Which OS should a starter use, Windows or Linux
This channel covers a lot of content that is hard to find accurate information on these days… reminds me of the Wild West internet before everything got nerfed 🤓
Freaking luv u man, wonderful explanation. Liked and subbed!
Bro keep it up!
I was just suffering a lot learning SQL injection Thanks a lot 🥺🥺❤️❤️😺
WoW! I even downloaded this
Awesome bro
We can also use google cloud docker right?
Bro, how to hack one phone from another phone
Nice buddy thank you
Literally I love your English
First time I found a very useful sponsor.
Which is best for coding and hacking Windows Or Chromebook.??
Wow bro you are great 👌
Great demonstration
@adminbyseregasoleniyminer4490
3 years ago
Hello, can you make a video on something like dos and don'ts for newbies who have just started to learn? Like you said about a well-equipped environment and such stuff, like: is it safe using my personal emails on the VirtualBox or dual-booted Linux distros where I practice injection, penetration tests and stuff? And other common mistakes? Maybe hope I make some sense here. : )
@adminbyseregasoleniyminer4490
3 years ago
My friends Facebook id got hacked how we get that id
Thanks!
Good content deer
Instead logging in as the first user in the database, what do I enter to use ORDER BY RANDOM so I login as a random user
Make a video on blind SQL injection
love this
We need more content related. To ethical hacking raj big fan of yours
Going to the second half
Legends be like: *What is SQL* 😅😂
@Divaaakar
3 years ago
Structured query language
@ranjannayak7930
3 years ago
@@Divaaakar yeah 😂
@ranjannayak7930
3 years ago
@Md golam Mostofa 🤣
@b07x
3 years ago
It's like a database managing language
@shreayankanjilal
3 years ago
@Md golam Mostofa It's easier than programing.
Part 2 🔥🔥🔥🔥🔥 let that come soon too
Love from you ♥️
Hi bro there an issue for me how can i contact u
Good one
Bro this is elite 😮 🎉❤ love from Maharashtra
thank u for the video
Good Explanation
@adminbyseregasoleniyminer4490
3 years ago
need more
SNYK same like NMAP?
Hi teja. Please make a video for a system that records attendance of students entered in meet,the time they remained. Please make
Need more videos man...👍
Please make a video on how to extract drm key 🔑 from drm url
Love you bro
10,300th view Lots of love and support from Tripura (North-east)
man i like your mic, can you add the link in desc?
Man You are damn talented ❤️
@ankitshaw1388
3 years ago
@📌Pinnedby Tech Raj KZread I Thought You are also from India
@ayushking_01
3 years ago
@@ankitshaw1388 ha ha its fake
Pls Upload 1 video per week
Need more
🔥🔥🔥🔥🔥more more more
Sqlmap is showing me "false positive and unexploitable point detected" even though the vulnerability is available. What do I do? Please tell me
Thanks bro 😁
thank you sir i appreciate the time that you spent to make this video and to teach us these stuffs i really respect you, hope you can teach us ethical hacking well but not on youtube cause , you know there're some rules in youtube that don't allow to share these things
Sir i wanna learn how to hack color prediction games I need ur help Plz sir help...
@ravindran_1
3 years ago
Sir plz help
Bro can u plzzz say ur pc specs plzz bro
@adminbyseregasoleniyminer4490
3 years ago
Broo i want resources for learning web security can you plzz help me pointing in right direction I'm confused totally what n where to study and practice plzzxx
Can i be a hacker after BCA?
lots of love from Russia
Sir make a video where we can mining in android via command/running python cudo/nanopool code use via in android make a video this goona be good 🔥
Bro can you tell me which headphone you wore?😅
Tutorial will start at 5:01
Who needs his hacking course??
What if login have email validation ? Which query to use for sqli
@abhiramam5752
3 years ago
Use it on password field
@_AayushKumar
2 years ago
It says invalid email
Brave man
Sir please make a video about phoneinfoga
Tq u
Mining videos please
What happens if I use MongoDB? 😮
Upload more like this
Great raj, expecting contents like this.! 👍
Bro raj which company are you working
@adminbyseregasoleniyminer4490
3 years ago
More videos please 🥺🥺🥺
Mallus ❤️
Teja bayya tell my name once 😂😂
Good video, didn't like the Snyk promo at the end.
based decentralized content-sharing
Bro my facebook account has been hacked and i tried many times to recover it but it's not recovering can you help me
Bro can you perform on Live website with permission 🙏 . Btw amazing video ❤️
@tonystark-ko8bd
3 years ago
Thats not possible 😂
@xxehacker
3 years ago
@@tonystark-ko8bd 😂😂