1
00:00:00,810 --> 00:00:06,710
And this video we're going to have a look on some tips and tricks that you can use while exploiting

2
00:00:06,760 --> 00:00:09,140
as cure or injections.

3
00:00:09,250 --> 00:00:16,510
So we've seen before the two main statements that we use to discover Eskdale injections is the statement

4
00:00:16,900 --> 00:00:18,850
and the ORDER BY statement.

5
00:00:18,850 --> 00:00:25,690
Now some websites try to implement security by checking the query you are l for a number of words and

6
00:00:25,690 --> 00:00:31,470
they blacklist these words so that if they exist they don't x execute the query.

7
00:00:31,480 --> 00:00:37,870
For example they check for words like and or union select spaces and stuff like that.

8
00:00:37,870 --> 00:00:43,340
Now we see how we can bypass client sites security or filtering using verb suits.

9
00:00:43,390 --> 00:00:49,210
This is just another way to bypass some sort of some filters that's used and the server side if they're

10
00:00:49,210 --> 00:00:54,310
using a blacklist of these words then you can bypass them using the ways that we're going to talk about.

11
00:00:54,310 --> 00:01:00,400
Now for example let's say you're trying to discover and scale injection and you're going to use a valid

12
00:01:00,400 --> 00:01:03,800
statement by Taipan and one is equal to one.

13
00:01:03,820 --> 00:01:06,610
So instead of doing that you can just type it like so.

14
00:01:06,610 --> 00:01:10,990
So a capital and the and then use two two two equals two 1:58

15
00:01:14,240 --> 00:01:18,010
And other way you can do on and kept all the.

16
00:01:18,130 --> 00:01:22,160
And then put it 1 1 1 equals 1 1 1.

17
00:01:22,180 --> 00:01:24,440
This way your query will pass.

18
00:01:24,550 --> 00:01:29,640
Even if the tagged website has blacklisted and same goes for the Order By.

19
00:01:29,680 --> 00:01:38,610
You can type it like so and you'll be able to execute this query even if they blacklisted the word order

20
00:01:38,610 --> 00:01:40,110
by now.

21
00:01:40,180 --> 00:01:45,790
Let me let me just actually run this for you here so that you see when you capitalize letters like this

22
00:01:46,030 --> 00:01:47,330
the query will still work.

23
00:01:47,350 --> 00:01:52,410
So if we just type that order by one.

24
00:01:52,510 --> 00:01:55,260
Actually I forgot to put my comment here.

25
00:01:55,500 --> 00:02:01,680
And here we go you can see that it gets executed exactly the same way when you write order by one without

26
00:02:01,740 --> 00:02:03,000
without capitals.

27
00:02:04,740 --> 00:02:10,740
Now another thing that Web sites sometimes Blacklist is the space so they don't allow spaces in the

28
00:02:10,740 --> 00:02:11,760
OR ELSE.

29
00:02:11,790 --> 00:02:17,960
Now we can bypass that by writing a plus or double comment instead of the space.

30
00:02:18,120 --> 00:02:21,240
So let's have a look on a query that we were on before.

31
00:02:21,420 --> 00:02:30,870
So we do you usually do a union select one two for example and then we close it with our comment which

32
00:02:30,870 --> 00:02:38,140
is percentage 23 now after this lecture we can actually run the statement like so so we can write it

33
00:02:38,170 --> 00:02:45,640
as union with capitals select again capitalize some of the letters and then we come up with the one

34
00:02:45,640 --> 00:02:47,850
to unclose it with our comment.

35
00:02:48,320 --> 00:02:54,320
And if the spaces are being used if the spaces are blacklisted then we can put Plus's instead of it.

36
00:02:54,430 --> 00:03:05,880
So we can do a union plus select plus one to four we can write it as union double comments so we open

37
00:03:05,880 --> 00:03:13,980
a comment and close it select Open a comment and close it want to open a comment and close it and that's

38
00:03:14,000 --> 00:03:14,580
it.

39
00:03:14,640 --> 00:03:19,230
Now these statements will be executed exactly like the normal statement.

40
00:03:19,230 --> 00:03:20,390
Let me show you here.

41
00:03:20,950 --> 00:03:23,140
So don't go into Maskil injection.

42
00:03:23,500 --> 00:03:27,610
We put number one like usual this works.

43
00:03:27,760 --> 00:03:34,600
Now we can just come in here close the quote and put out a statement.

44
00:03:34,780 --> 00:03:39,760
And as you can see now the statement gets executed successfully and we can see that we can use number

45
00:03:39,760 --> 00:03:45,530
one and two to get values from the database.

46
00:03:45,540 --> 00:03:51,450
Another thing to keep in mind is the comments sometimes comments are blacklisted or sometimes not all

47
00:03:51,450 --> 00:03:55,590
of the comments work when you try to comment out the rest of the code.

48
00:03:55,770 --> 00:04:01,710
So there is a number of comments that you can try in our examples we've seen the hashtag or the percentage

49
00:04:01,750 --> 00:04:08,980
23 was the best which you can also use force like star or minus minus as comments.

50
00:04:09,000 --> 00:04:14,250
Sometimes you also have to end the statements so you have to add a semi-colon to tell that this is the

51
00:04:14,250 --> 00:04:21,720
end of the statement and then add your comment and you can also use the double forward slash as a comment

52
00:04:21,750 --> 00:04:23,400
as well.

53
00:04:23,400 --> 00:04:28,620
So we see in our examples again the hash tag was the one that works for us but sometimes that doesn't

54
00:04:28,620 --> 00:04:34,050
work then you can try everything you can try to forward for a sash you can try the forest star and you

55
00:04:34,050 --> 00:04:36,420
can try the minus minus.

56
00:04:36,420 --> 00:04:41,910
If that doesn't work then you should go ahead and add the semicolon at the end and again try for a torrid

57
00:04:41,910 --> 00:04:46,350
slash forward slash star minus minus and the hashtag.