1
00:00:02,010 --> 00:00:09,540
Now let's try to filter the tables to the tables that are only in our database, dvwa.

2
00:00:09,570 --> 00:00:16,640
So we're going to use the WHERE clause the same way that we were using it before.

3
00:00:16,870 --> 00:00:31,470
So we're going to say where table schema equals dvwa, and then enter, and we get an error.

4
00:00:31,590 --> 00:00:34,890
And again the error is complaining about the quotes.

5
00:00:35,130 --> 00:00:41,640
So the website probably uses some sort of security that does not allow us to put quotation marks in

6
00:00:41,640 --> 00:00:46,520
the URL, and we tried to bypass that using percentage 27 before.

7
00:00:46,650 --> 00:00:52,550
And as you see, we couldn't bypass that; it was still detected.

8
00:00:52,670 --> 00:00:59,420
So we need to think of a way to write the database name and put it after the equal without putting the

9
00:00:59,570 --> 00:01:00,980
quote marks right here.

10
00:01:00,980 --> 00:01:09,090
So it is dvwa without the quote marks, and we can't really do that by writing the database name as text.

11
00:01:09,290 --> 00:01:12,310
So what we're going to do now, we're going to use Burp.

12
00:01:12,590 --> 00:01:21,180
And we're going to use the decoder part of it to convert the text dvwa to hex.

13
00:01:21,200 --> 00:01:24,200
Now the decoder is really useful in Burp.

14
00:01:24,200 --> 00:01:31,190
Now remember when I was saying that the code for the quote is percentage 27 and the code for the hash

15
00:01:31,190 --> 00:01:33,710
tag is percentage 23.

16
00:01:33,710 --> 00:01:39,920
Now you can just type it in here and then go to encode as and make it

17
00:01:40,070 --> 00:01:45,630
URL, and you'll see that the code for the hash tag is percentage 23.

18
00:01:45,710 --> 00:01:48,980
You can get the code for any text you want, really.

19
00:01:49,040 --> 00:01:54,860
For example, if you put the quote you get percentage 27.

20
00:01:55,090 --> 00:02:01,120
Now what we want to do is we want to convert the text in here so that we don't have to write it between

21
00:02:01,120 --> 00:02:01,750
quotes.

22
00:02:01,810 --> 00:02:04,970
So we actually have to convert it to digits.

23
00:02:05,050 --> 00:02:11,800
And what we're going to do is we're going to convert the text dvwa to hex using the decoder part

24
00:02:11,860 --> 00:02:13,370
of Burp.

25
00:02:13,480 --> 00:02:14,990
So I'm going to go here.

26
00:02:17,550 --> 00:02:31,080
Type dvwa, the database name, and we're going to encode it as hex, and we're going

27
00:02:31,080 --> 00:02:33,990
to use this after the equal mark.

28
00:02:34,050 --> 00:02:42,980
So we're going to use it, and instead of typing dvwa, I'm going to remove this and I'm going

29
00:02:42,980 --> 00:02:45,240
to type in 0x.

30
00:02:45,510 --> 00:02:48,750
Now everything written in hex has to start with 0x.

31
00:02:48,890 --> 00:02:54,290
So I type in 0x at the start to tell the database that whatever is going to come after these

32
00:02:54,290 --> 00:02:56,660
two characters is going to be hex.

33
00:02:56,690 --> 00:02:59,840
Therefore I don't need to use quotation marks for it.

34
00:03:00,050 --> 00:03:08,490
And then I'm going to put the code that I got, which is 6 4 7 6 7 7 6 1, and that's it.

35
00:03:08,490 --> 00:03:11,820
So we converted the database name to hex.

36
00:03:11,820 --> 00:03:15,350
I'm going to copy this exploit, paste it in here,

37
00:03:22,610 --> 00:03:25,850
hit enter.

38
00:03:25,890 --> 00:03:29,860
I forgot to remove the single quote from the start, because this is the medium level.

39
00:03:29,880 --> 00:03:32,780
We don't need the quote.

40
00:03:32,790 --> 00:03:33,440
Here we go.

41
00:03:33,450 --> 00:03:39,890
It's working, and we got the tables that are only related to our current database, which is dvwa.

42
00:03:40,140 --> 00:03:44,250
And the tables are guestbook and users.

43
00:03:44,260 --> 00:03:49,990
Now every time you need to use a WHERE clause, you need to use it the same way that we did it now, by converting

44
00:03:50,230 --> 00:03:55,760
the name that comes in after the WHERE to hex, and 0x without the quotes.

45
00:03:55,900 --> 00:04:01,030
And that way you'll be able to select the columns using this statement right here.

46
00:04:01,030 --> 00:04:05,480
Just make sure you remove the single quote and it's going to work for you.

47
00:04:05,480 --> 00:04:10,940
Now because the select tables statement worked, this statement will work, because they're pretty

48
00:04:10,940 --> 00:04:12,380
much the same statement.

49
00:04:12,380 --> 00:04:18,760
The only difference is that this one selects users and the other one selects based on the database name.

50
00:04:20,640 --> 00:04:26,880
So in this lecture we saw how we can bypass some difficulties we can see with SQL injections.

51
00:04:27,120 --> 00:04:35,070
And we did that by converting the text to hex and by playing around with the injection parameter.

52
00:04:35,070 --> 00:04:36,770
So try and edit it.

53
00:04:36,840 --> 00:04:43,080
Add a quote, remove a quote, maybe try to encrypt it, use percentage 27 or stuff like that; basically just

54
00:04:43,080 --> 00:04:46,330
play around with the parameters until you get it to work.