what is an SQL Injection?
Ғылым және технология
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
☕☕ COFFEE and MERCH: ntck.co/coffee
#sqlserver #SQLinjection #database
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
☕☕ COFFEE and MERCH: ntck.co/coffee
#sqlserver #SQLinjection #database
Пікірлер: 112
I work for altoro, I can't believe you did us dirty
@TheHacker404
9 ай бұрын
HEHHEHH
@sebscripts
9 ай бұрын
they made it vurnable on purpose ima find ur account >:)
@Marcus-Fenix-Cog
8 ай бұрын
Stop lying kid
@nofood1
8 ай бұрын
🤣🤣
@Kl1kzz
7 ай бұрын
No you dont
Thanks!
every time I see the term SQL injection I think of PHP, because I'm a GenX dev and I was there when PHP became popular and dethroned PERL as the preferred web scripting language. The irony is that PHP became famous because it is extremely insecure as a programming language and almost everyday of the late 1990s and early 2000 security news were about some PHP site being hacked by SQL injections. PERL otoh came with a security feature that forced you to use any method to parse and check the data of anything that came outside of the computer, anything from sockets including a request had to be parsed in some way, usually a regex, and if the perl dev read the manual properly would avoid injections which it happen. PERL throws an error of "tainted variable" if you want to use it without parsing it. PERL5 at least I don't know if PERL6 does it.
@ibrahimasad8533
8 ай бұрын
I have 3 words: Bot or nerd
@AlbertJarodIbay
7 ай бұрын
@@ibrahimasad8533does it matter? Information is information.
@Kankipappa
6 ай бұрын
PHP itself isn't inherently more insecure meaning you can make it secure, but people were just incompetent devs on security related stuff at the time, since web was still a new thing.
@purplevanilla
Ай бұрын
@@KankipappaSo it's all depend on the programmers?
@Kankipappa
Ай бұрын
@@purplevanilla Yes, there are many ways to avoid those problems, by simply just not trusting the user to always do well behaved inputs, and SQL also has prepared statements. Just like C/C++ language has its own problems regarding memory allocation (since you have to do it yourself). Doesn't mean you can't do software well in those.
this is soooo relevant! if you live in 2002
I like how you took it literally.
Literally just did a module on this today, cool stuff!
can you make a video about AI training on the cloud or fine tuning one ?
@SQLxGuy
11 ай бұрын
I am SQL
@honker2
10 ай бұрын
@@SQLxGuy bro thinks hes the main character
@SQLxGuy
10 ай бұрын
@@honker2 I am💀💀
@GroupFacade9264
10 ай бұрын
@@honker2i think he's SQL
@honker2
10 ай бұрын
hes sql @@SQLxGuy
and thats why you use prepared statements
Waiting😊
Can you explain a DLL next?
My preferred method of preventing injection when building a web app is parameterised statements. Send the query with placeholders, and send the strings to replace the placeholders.
@hankpeterson628
10 ай бұрын
Isnt that vulnerable for escapes?
@Alec9821
10 ай бұрын
@@hankpeterson628 no surprisingly, the strings to replace the placeholders are never combined with the query. It’s fool proof, I’m surprised people don’t talk about it more
@MoneyGrab
28 күн бұрын
@@hankpeterson628He probably means this: (python example) db.execute('SELECT userid FROM users WHERE name = ?', ('chuck',)) This protects your program against sql injections.
my favorite injection is "'or ''=' lol
@oh_finks
9 ай бұрын
what does this do?
@scriptles
9 ай бұрын
@@oh_finksCompletes a SQL statement that says log me in if imy username is "" and password is "" or if "" is "". Obviously nothing is equal to nothing. And the intex it pulls is usually index 0 which is the very first account created and thus usually an admin account.
What if the child’s first name is really Drop and the last name is Table?
@glass6582
5 ай бұрын
Little bobby tables we call him
My best KZreadr ❤❤❤
My favorite injection is ' OR '5'='5' /* lol
It would be useful.. like 20 years ago 😅
This is good but old cuz so many website have protection to this so probably this works only for old websites or maybe some of the http websites. After all thank to chunk he teach us this attacks free
Why do people still pronounce like that, it's S Q L not Sequel
Input sanitization for the win
What kind of camera do you man?
Omg. I wish someone had moved it and progressed to check for this. Lol. If you know. You know.
exploiting old sites that uses php and MySQL is easy but finding them is hard
@aa-fh2yl
11 ай бұрын
exactly ^^
@user-tm8sc2kz8f
10 ай бұрын
Web crawler??
Cant wait to see the faces of the SoC Team that needs to work Saturday and Sunday for Altoro
@Big_Dadaa
10 ай бұрын
😂😂😂
Pretty wild, but pycharm used to actually warn you, if you wrote code, which would make sql injections possible
ANY website that still allows that to happen these, the company that owns it should never be allowed to hold data ever again - there really is no excuse
"AN SQL" AHSHSHFUS
where is the rest of the explaination?
Does this work on all websites
What about DDOS Attack?
Bro showing websites hacking tricks from the 90“s early 2000s
Only works on php websites? I forgot.. I used it long ago. And it gave me admin access.💀
lol looooong are the days of SQL injection my friend
Robert'); DROP TABLE Students;-- ? Ah yes, little Bobby Tables we call him.
What do you do for living?
HUHHUHHUHHH imma have soo much fun with that HEHHEHH >:) Not gonna youse it for i!!ige! Stuffs BUTT IMMA DO SOME PRANKS WITH IT >:)
daymmm
Full video need about this please 🙏
@jesy1732
11 ай бұрын
or read the docs?
@miguidedfolklore7797
11 ай бұрын
kzread.info/dash/bejne/ZIOEuLiihpCtgc4.html
@Lonewolf-vz5cg
11 ай бұрын
There is one already on the Chanel
Hi
Boby tables
Can u teach us how to recover our gmail account password from an hacker pls
I DID IT LETS GOO
My database is full encrypted with aes512 😎
anyone else get injected and is here 🙋♂
Ok
Prepared queries hah...
Ty hack
Do you have a separate beard channel?
Can i get free course website 😢please
💀💀
you never get to the point. Your GF probably feels the same way.
ltt hq? linus screwdr1ver 😂
This video is for people outise dev world so I can tolerate non hashed passwords and levels of abstractions and simplifications 😂
It's call a sqeal injection of diesel.
It's called S.Q.L blud
Tragic that programmers are just that curropt, buuuuut just look at this page it looks cheap in first place
Does this work on Facebook
@mastahrage9931
11 ай бұрын
Most likely not, since most websites have programs to prevent SQL injections.
@chaitanyakulkarni6416
11 ай бұрын
yes , but 15 yrs back it did
@notlogic.the.second
11 ай бұрын
whats that for a question. thats facebook. never. but if you are a very very good hacker you can probably find a vuln
@shockd6235
11 ай бұрын
No cuz now days sql injection is being less and less usable or you need to do a crazy good payload to work in websites
@notlogic.the.second
11 ай бұрын
@@shockd6235 true
little too cringe
useless reel. zero information shown. thanks for wasting my time
Can you make a kali linux video????
@ghosttheprogram6973
11 ай бұрын
He's done multiple
@F_NT
11 ай бұрын
@@ghosttheprogram6973 I know but new updates has come and new tools
I love that you pronounce it “sequel”, I feel validated without a doubt 😅❤
Man f. Chuck sucks 😢 the giid old days are gone do you guys remember hacking haydra,reverse shell,bash. 😢
SQL Injection is like continuing the line like this: Password: ' OR '1'='1' This is because it continues a line of code
First
Second
Third
Lolz this video was so useless 😂
No one use raw sql command other than beginner 😂 , developer use orm for db