1
00:00:00,810 --> 00:00:06,710
In this video we're going to have a look at some tips and tricks that you can use while exploiting

2
00:00:06,760 --> 00:00:09,140
SQL injections.

3
00:00:09,250 --> 00:00:16,510
So we've seen before that the two main statements that we use to discover SQL injections are the AND statement

4
00:00:16,900 --> 00:00:18,850
and the ORDER BY statement.

5
00:00:18,850 --> 00:00:25,690
Now some websites try to implement security by checking the query URL for a number of words, and

6
00:00:25,690 --> 00:00:31,470
they blacklist these words, so that if they exist they don't execute the query.

7
00:00:31,480 --> 00:00:37,870
For example, they check for words like AND, OR, UNION, SELECT, spaces and stuff like that.

8
00:00:37,870 --> 00:00:43,340
Now we've seen how we can bypass client-side security or filtering using Burp Suite.

9
00:00:43,390 --> 00:00:49,210
This is just another way to bypass some sort of filters that are used on the server side: if they're

10
00:00:49,210 --> 00:00:54,310
using a blacklist of these words, then you can bypass them using the ways that we're going to talk about.

11
00:00:54,310 --> 00:01:00,400
Now, for example, let's say you're trying to discover an SQL injection and you're going to use a valid

12
00:01:00,400 --> 00:01:03,800
statement by typing AND 1=1.

13
00:01:03,820 --> 00:01:06,610
So instead of doing that you can just type it like so.

14
00:01:06,610 --> 00:01:10,990
So a capital A, N, D, and then use two two two equals two.

15
00:01:14,240 --> 00:01:18,010
Another way, you can do AND with a capital D,

16
00:01:18,130 --> 00:01:22,160
and then put 111 equals 111.

17
00:01:22,180 --> 00:01:24,440
This way your query will pass,

18
00:01:24,550 --> 00:01:29,640
even if the target website has blacklisted AND. Same goes for the ORDER BY.
19
00:01:29,680 --> 00:01:38,610
You can type it like so, and you'll be able to execute this query even if they blacklisted the words ORDER

20
00:01:38,610 --> 00:01:40,110
BY. Now,

21
00:01:40,180 --> 00:01:45,790
let me just actually run this for you here, so that you see that when you capitalize letters like this

22
00:01:46,030 --> 00:01:47,330
the query will still work.

23
00:01:47,350 --> 00:01:52,410
So if we just type that: ORDER BY 1.

24
00:01:52,510 --> 00:01:55,260
Actually, I forgot to put my comment here.

25
00:01:55,500 --> 00:02:01,680
And here we go, you can see that it gets executed exactly the same way as when you write ORDER BY 1

26
00:02:01,740 --> 00:02:03,000
without capitals.

27
00:02:04,740 --> 00:02:10,740
Now another thing that websites sometimes blacklist is the space, so they don't allow spaces in the

28
00:02:10,740 --> 00:02:11,760
URL.

29
00:02:11,790 --> 00:02:17,960
Now we can bypass that by writing a plus or a double comment instead of the space.

30
00:02:18,120 --> 00:02:21,240
So let's have a look at a query that we ran before.

31
00:02:21,420 --> 00:02:30,870
So we usually do a UNION SELECT 1,2 for example, and then we close it with our comment, which

32
00:02:30,870 --> 00:02:38,140
is %23. Now, after this lecture, we can actually run the statement like so: we can write it

33
00:02:38,170 --> 00:02:45,640
as UNION with capitals, SELECT, again capitalizing some of the letters, and then we come up with the 1,

34
00:02:45,640 --> 00:02:47,850
2 and close it with our comment.

35
00:02:48,320 --> 00:02:54,320
And if the spaces are blacklisted, then we can put pluses instead of them.
36
00:02:54,430 --> 00:03:05,880
So we can do UNION plus SELECT plus 1,2. Or we can write it as UNION, double comments, so we open

37
00:03:05,880 --> 00:03:13,980
a comment and close it, SELECT, open a comment and close it, 1,2, open a comment and close it, and that's

38
00:03:14,000 --> 00:03:14,580
it.

39
00:03:14,640 --> 00:03:19,230
Now these statements will be executed exactly like the normal statement.

40
00:03:19,230 --> 00:03:20,390
Let me show you here.

41
00:03:20,950 --> 00:03:23,140
So let's go into MySQL injection.

42
00:03:23,500 --> 00:03:27,610
We put number 1 like usual, this works.

43
00:03:27,760 --> 00:03:34,600
Now we can just come in here, close the quote and put our statement.

44
00:03:34,780 --> 00:03:39,760
And as you can see, now the statement gets executed successfully, and we can see that we can use number

45
00:03:39,760 --> 00:03:45,530
1 and 2 to get values from the database.

46
00:03:45,540 --> 00:03:51,450
Another thing to keep in mind is the comments. Sometimes comments are blacklisted, or sometimes not all

47
00:03:51,450 --> 00:03:55,590
of the comments work when you try to comment out the rest of the code.

48
00:03:55,770 --> 00:04:01,710
So there are a number of comments that you can try. In our examples we've seen the hashtag, or the percentage

49
00:04:01,750 --> 00:04:08,980
23, was the best, but you can also use forward slash star or minus minus as comments.

50
00:04:09,000 --> 00:04:14,250
Sometimes you also have to end the statement, so you have to add a semicolon to tell that this is the

51
00:04:14,250 --> 00:04:21,720
end of the statement, and then add your comment. And you can also use the double forward slash as a comment

52
00:04:21,750 --> 00:04:23,400
as well.
53
00:04:23,400 --> 00:04:28,620
So we've seen in our examples again the hashtag was the one that works for us, but sometimes that doesn't

54
00:04:28,620 --> 00:04:34,050
work. Then you can try everything: you can try the forward slash, you can try the forward slash star and you

55
00:04:34,050 --> 00:04:36,420
can try the minus minus.

56
00:04:36,420 --> 00:04:41,910
If that doesn't work, then you should go ahead and add the semicolon at the end and again try forward

57
00:04:41,910 --> 00:04:46,350
slash forward slash, forward slash star, minus minus and the hashtag.