1
00:00:02,010 --> 00:00:09,540
Now let's try to filter the tables to the tables that are only in our database and DWI.

2
00:00:09,570 --> 00:00:16,640
So we're going to use the word clothes the same way that we are we were using it before.

3
00:00:16,870 --> 00:00:31,470
So we're going to say where table schema equals the UI and then enter and we get an error.

4
00:00:31,590 --> 00:00:34,890
And again the error is complaining about the quotes.

5
00:00:35,130 --> 00:00:41,640
So the website probably uses some sort of security that does not allow us to put quotation marks and

6
00:00:41,640 --> 00:00:46,520
then you are out and we try to bypass that use in percentage 27 before.

7
00:00:46,650 --> 00:00:52,550
And as you see we couldn't bypass that we couldn't it was still detected.

8
00:00:52,670 --> 00:00:59,420
So we need to think of a way to write the database name and put it after the equal without putting the

9
00:00:59,570 --> 00:01:00,980
quote marks right here.

10
00:01:00,980 --> 00:01:09,090
So it is a DVD without the quote marks and we can't really do that by writing the database name as text.

11
00:01:09,290 --> 00:01:12,310
So what we're going to do now we're going to use verbs.

12
00:01:12,590 --> 00:01:21,180
And we're going to use the decoder part of it to convert the text DVD-Video to hex.

13
00:01:21,200 --> 00:01:24,200
Now the decoder is really useful and burp.

14
00:01:24,200 --> 00:01:31,190
Now remember when I was saying that the code for the code is 20 percentage 27 and the code for the hash

15
00:01:31,190 --> 00:01:33,710
tag is percentage 23.

16
00:01:33,710 --> 00:01:39,920
Now you can just type it in here and then go to as and make haste.

17
00:01:40,070 --> 00:01:45,630
You are outside and you'll see that the code for the hash tag is percentage 23.

18
00:01:45,710 --> 00:01:48,980
You can get code for any text you want really.

19
00:01:49,040 --> 00:01:54,860
For example if you put the code you get a percentage 27.

20
00:01:55,090 --> 00:02:01,120
Now what we want to do is we want to convert the text in here so that we don't have to write it between

21
00:02:01,120 --> 00:02:01,750
quotes.

22
00:02:01,810 --> 00:02:04,970
So we actually have to convert it to digits.

23
00:02:05,050 --> 00:02:11,800
And what we're going to do is we're going to convert the text of DVD A to hacks using the decoder part

24
00:02:11,860 --> 00:02:13,370
of burp.

25
00:02:13,480 --> 00:02:14,990
So I'm going to go here.

26
00:02:17,550 --> 00:02:31,080
Type DVD there when you say a the database name and we're going to encode it as hex and we're going

27
00:02:31,080 --> 00:02:33,990
to use this as after the equal March.

28
00:02:34,050 --> 00:02:42,980
So we're going to use it and instead of typing DVD-Video I say I'm going to remove this and I'm going

29
00:02:42,980 --> 00:02:45,240
to type it in zero x.

30
00:02:45,510 --> 00:02:48,750
Now everything written in hex has to start with zero X..

31
00:02:48,890 --> 00:02:54,290
So I type in zero access the start to tell the database that whatever that's going to come after these

32
00:02:54,290 --> 00:02:56,660
two characters is going to be next.

33
00:02:56,690 --> 00:02:59,840
Therefore I don't need to use quotation marks for it.

34
00:03:00,050 --> 00:03:08,490
And then I'm going to put the code that I got which is 6 4 7 6 7 7 6 1 and that's it.

35
00:03:08,490 --> 00:03:11,820
So we converted the database name to hex.

36
00:03:11,820 --> 00:03:15,350
I'm going to copy this exploit pasted in here

37
00:03:22,610 --> 00:03:25,850
hit enter.

38
00:03:25,890 --> 00:03:29,860
I forgot to remove the single quote from the start because this is the medium level.

39
00:03:29,880 --> 00:03:32,780
We don't need the code.

40
00:03:32,790 --> 00:03:33,440
Here we go.

41
00:03:33,450 --> 00:03:39,890
It's working and we got the tables that's only related to our current database which is DVD.

42
00:03:40,140 --> 00:03:44,250
And the tables are against work and users.

43
00:03:44,260 --> 00:03:49,990
Now every time you need to use our work laws you need to use it the same way that we did it now by converting

44
00:03:50,230 --> 00:03:55,760
the name that comes in after the word to hex and zero x without the quotes.

45
00:03:55,900 --> 00:04:01,030
And that way you'll be able to execute to select the columns used in the this statement right here.

46
00:04:01,030 --> 00:04:05,480
Just make sure you remove the single quote and it's going to work for you.

47
00:04:05,480 --> 00:04:10,940
Now because the tables Select Table statement worked and this statement will work because they're pretty

48
00:04:10,940 --> 00:04:12,380
much the same statement.

49
00:04:12,380 --> 00:04:18,760
The only difference is that this one selects users and the other one selects based on the database name

50
00:04:20,640 --> 00:04:26,880
so in this lecture we see how we can bypass some difficulties we can see with Eskdale injections.

51
00:04:27,120 --> 00:04:35,070
And we did that by converting the text to heggs and by playing around with the injection parameter.

52
00:04:35,070 --> 00:04:36,770
So try anisette it.

53
00:04:36,840 --> 00:04:43,080
Other quote remove a quote maybe try to encrypt it use percentage 27 or stuff like that basically just

54
00:04:43,080 --> 00:04:46,330
play around with the parameters until you get it to work.