🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy ☕☕ COFFEE and MERCH: ntck.co/coffee #sqlserver #SQLinjection #database
Comments: 112
@gio3061 11 months ago
I work for altoro, I can't believe you did us dirty
@TheHacker404
9 months ago
HEHHEHH
@sebscripts
9 months ago
they made it vulnerable on purpose ima find ur account >:)
@Marcus-Fenix-Cog
8 months ago
Stop lying kid
@nofood1
8 months ago
🤣🤣
@Kl1kzz
7 months ago
No you don't
@Ianjames1066 6 months ago
Thanks!
@laughingvampire7555 11 months ago
every time I see the term SQL injection I think of PHP, because I'm a GenX dev and I was there when PHP became popular and dethroned PERL as the preferred web scripting language. The irony is that PHP became famous because it is extremely insecure as a programming language and almost every day of the late 1990s and early 2000 security news were about some PHP site being hacked by SQL injections. PERL otoh came with a security feature that forced you to use any method to parse and check the data of anything that came outside of the computer, anything from sockets including a request had to be parsed in some way, usually a regex, and if the perl dev read the manual properly would avoid injections which it happen. PERL throws an error of "tainted variable" if you want to use it without parsing it. PERL5 at least I don't know if PERL6 does it.
@ibrahimasad8533
8 months ago
I have 3 words: Bot or nerd
@AlbertJarodIbay
7 months ago
@ibrahimasad8533 does it matter? Information is information.
@Kankipappa
6 months ago
PHP itself isn't inherently more insecure meaning you can make it secure, but people were just incompetent devs on security related stuff at the time, since web was still a new thing.
@purplevanilla
1 month ago
@Kankipappa So it's all depend on the programmers?
@Kankipappa
1 month ago
@purplevanilla Yes, there are many ways to avoid those problems, by simply just not trusting the user to always do well behaved inputs, and SQL also has prepared statements. Just like C/C++ language has its own problems regarding memory allocation (since you have to do it yourself). Doesn't mean you can't do software well in those.
@hackdonalds 8 months ago
this is soooo relevant! if you live in 2002
@didakad4207 5 months ago
I like how you took it literally.
@vexperian2224 10 months ago
Literally just did a module on this today, cool stuff!
@theluckydragon2346 11 months ago
can you make a video about AI training on the cloud or fine tuning one ?
@SQLxGuy
11 months ago
I am SQL
@honker2
10 months ago
@SQLxGuy bro thinks hes the main character
@SQLxGuy
10 months ago
@honker2 I am💀💀
@GroupFacade9264
10 months ago
@honker2 i think he's SQL
@honker2
10 months ago
hes sql @SQLxGuy
@HentA.I 9 months ago
and thats why you use prepared statements
@kunle4sanya 11 months ago
Waiting😊
@Wess2600 9 months ago
Can you explain a DLL next?
@Alec9821 11 months ago
My preferred method of preventing injection when building a web app is parameterised statements. Send the query with placeholders, and send the strings to replace the placeholders.
@hankpeterson628
10 months ago
Isn't that vulnerable for escapes?
@Alec9821
10 months ago
@hankpeterson628 no surprisingly, the strings to replace the placeholders are never combined with the query. It’s fool proof, I’m surprised people don’t talk about it more
@MoneyGrab
28 days ago
@hankpeterson628 He probably means this: (python example) db.execute('SELECT userid FROM users WHERE name = ?', ('chuck',)) This protects your program against sql injections.
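Added example (not part of any comment on this page, and not code from the video): the difference discussed in the thread above between building the query by string concatenation and sending it with a placeholder, using Python's sqlite3. The in-memory table, its rows and the helper names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("admin",), ("chuck",), ("O'Brien",)])
    return db

def lookup_concat(db, name):
    # Vulnerable "before": the input becomes part of the SQL text itself.
    query = "SELECT userid FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(query))

def lookup_param(db, name):
    # Hardened: the SQL text is fixed and the value is bound separately,
    # so quotes in the value are data, never syntax.
    rows = db.execute("SELECT userid FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)

def demo():
    db = make_db()
    tautology = "' OR '1'='1"  # string quoted elsewhere in these comments
    results = {
        "concat_normal": lookup_concat(db, "chuck"),
        "param_normal": lookup_param(db, "chuck"),
        # Concatenation turns the WHERE clause into a condition that is
        # true for every row; binding just looks for that odd name.
        "concat_tautology": lookup_concat(db, tautology),
        "param_tautology": lookup_param(db, tautology),
        # A legitimate name with a quote works only when bound.
        "param_quote": lookup_param(db, "O'Brien"),
    }
    try:
        lookup_concat(db, "O'Brien")
        results["concat_quote"] = "ok"
    except sqlite3.OperationalError:
        results["concat_quote"] = "syntax error"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value}")
```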
@scriptles 10 months ago
my favorite injection is "'or ''=' lol
@oh_finks
9 months ago
what does this do?
@scriptles
9 months ago
@oh_finks Completes a SQL statement that says log me in if my username is "" and password is "" or if "" is "". Obviously nothing is equal to nothing. And the index it pulls is usually index 0 which is the very first account created and thus usually an admin account.
@catharsis222 11 months ago
What if the child’s first name is really Drop and the last name is Table?
@glass6582
5 months ago
Little bobby tables we call him
@moamedkgjgyj276 11 months ago
My best KZreadr ❤❤❤
@user-ty8kb3yv5j 7 months ago
My favorite injection is ' OR '5'='5' /* lol
@nowieszco868 10 months ago
It would be useful.. like 20 years ago 😅
@abdurrahimaykut6862 11 months ago
This is good but old cuz so many website have protection to this so probably this works only for old websites or maybe some of the http websites. After all thank to chunk he teach us this attacks free
@gavril3698 9 months ago
Why do people still pronounce like that, it's S Q L not Sequel
@super3d201 11 months ago
Input sanitization for the win
@theboy1645 3 months ago
What kind of camera do you man?
@stevenwilliamsknights 11 months ago
Omg. I wish someone had moved it and progressed to check for this. Lol. If you know. You know.
@healingwithlove8614 11 months ago
exploiting old sites that uses php and MySQL is easy but finding them is hard
@aa-fh2yl
11 months ago
exactly ^^
@user-tm8sc2kz8f
10 months ago
Web crawler??
@Qyfashae 10 months ago
Cant wait to see the faces of the SoC Team that needs to work Saturday and Sunday for Altoro
@Big_Dadaa
10 months ago
😂😂😂
@seasong7655 8 months ago
Pretty wild, but pycharm used to actually warn you, if you wrote code, which would make sql injections possible
@phoenixmotorsport647 2 months ago
ANY website that still allows that to happen these, the company that owns it should never be allowed to hold data ever again - there really is no excuse
@xX072Xx 5 months ago
"AN SQL" AHSHSHFUS
@borregoayudando1481 11 months ago
where is the rest of the explanation?
@ragdajassim2549 4 months ago
Does this work on all websites
@AdnanAli_916 5 months ago
What about DDOS Attack?
@User55881 11 months ago
Bro showing websites hacking tricks from the 90's early 2000s
@souravdey9278 11 months ago
Only works on php websites? I forgot.. I used it long ago. And it gave me admin access.💀
@TheBigOTech 4 months ago
lol looooong are the days of SQL injection my friend
@MadCabbit 4 months ago
Robert'); DROP TABLE Students;-- ? Ah yes, little Bobby Tables we call him.
@anantranjan682 4 months ago
What do you do for living?
@TheHacker404 9 months ago
HUHHUHHUHHH imma have soo much fun with that HEHHEHH >:) Not gonna youse it for i!!ige! Stuffs BUTT IMMA DO SOME PRANKS WITH IT >:)
@A_Anti-Furry 10 months ago
daymmm
@bestcommedy3184 11 months ago
Full video need about this please 🙏
@jesy1732
11 months ago
or read the docs?
@miguidedfolklore7797
11 months ago
kzread.info/dash/bejne/ZIOEuLiihpCtgc4.html
@Lonewolf-vz5cg
11 months ago
There is one already on the channel
@phinmcdole9612 11 months ago
Hi
@winnieberto 11 months ago
Boby tables
@ChidiebereIjeoma-fk7xh 2 months ago
Can u teach us how to recover our gmail account password from an hacker pls
@_NotDB 9 months ago
I DID IT LETS GOO
@mstox8368 8 months ago
My database is full encrypted with aes512 😎
@nofood1 8 months ago
anyone else get injected and is here 🙋‍♂️
@reddogreddog7275 11 months ago
Ok
@RTBOSS 7 months ago
Prepared queries hah...
@reddogreddog7275 11 months ago
Ty hack
@bigwilly43729 11 months ago
Do you have a separate beard channel?
@user-fp5bq9xo5e 5 months ago
Can i get free course website 😢please
@justcrumble3498 10 months ago
💀💀
@Machistmo 1 month ago
you never get to the point. Your GF probably feels the same way.
@lineus88 11 months ago
ltt hq? linus screwdr1ver 😂
@levayv 8 months ago
This video is for people outside dev world so I can tolerate non hashed passwords and levels of abstractions and simplifications 😂
@truehighs7845 2 months ago
It's call a sqeal injection of diesel.
@doggoreqiuem3111 8 months ago
It's called S.Q.L blud
@amando250 7 months ago
Tragic that programmers are just that corrupt, buuuuut just look at this page it looks cheap in first place
@linhtetnaingwiston38 11 months ago
Does this work on Facebook
@mastahrage9931
11 months ago
Most likely not, since most websites have programs to prevent SQL injections.
@chaitanyakulkarni6416
11 months ago
yes , but 15 yrs back it did
@notlogic.the.second
11 months ago
whats that for a question. thats facebook. never. but if you are a very very good hacker you can probably find a vuln
@shockd6235
11 months ago
No cuz now days sql injection is being less and less usable or you need to do a crazy good payload to work in websites
@notlogic.the.second
11 months ago
@shockd6235 true
@ttvalex2612 5 months ago
little too cringe
@salvadorno2708 7 months ago
useless reel. zero information shown. thanks for wasting my time
@F_NT 11 months ago
Can you make a kali linux video????
@ghosttheprogram6973
11 months ago
He's done multiple
@F_NT
11 months ago
@ghosttheprogram6973 I know but new updates has come and new tools
@bugslayer-sama 10 months ago
I love that you pronounce it “sequel”, I feel validated without a doubt 😅❤
@sargismartirosyan9946 11 months ago
Man f. Chuck sucks 😢 the good old days are gone do you guys remember hacking haydra,reverse shell,bash. 😢
@srpcdgaming 11 months ago
SQL Injection is like continuing the line like this: Password: ' OR '1'='1' This is because it continues a line of code
@hindi_217 11 months ago
First
@jacobmarquez9805 11 months ago
Second
@aqibaamir9794 11 months ago
Third
@victor46464646 10 months ago
Lolz this video was so useless 😂
@Anshucodes 11 months ago
No one use raw sql command other than beginner 😂 , developer use orm for db