1 00:00:00,240 --> 00:00:05,730 Hi, everyone, from this lecture onwards, we are going to start with SQL 101, so these 2 00:00:05,730 --> 00:00:07,800 lectures are going to be very crucial. 3 00:00:07,800 --> 00:00:13,590 If you want to learn SQL injection, first understand what SQL injection is. 4 00:00:13,950 --> 00:00:16,110 So SQL stands for Structured Query 5 00:00:16,110 --> 00:00:22,110 Language, and it is a standard language used for retrieving and manipulating data in a relational database 6 00:00:22,110 --> 00:00:24,990 management system, which is also called RDBMS. 7 00:00:25,410 --> 00:00:32,100 So it does this through the use of queries, which allow information to be created, read, updated 8 00:00:32,100 --> 00:00:32,850 and deleted. 9 00:00:32,850 --> 00:00:33,660 It's up to you. 10 00:00:34,050 --> 00:00:37,290 An RDBMS can be used in a variety of situations, 11 00:00:37,500 --> 00:00:43,020 but one of the most common configurations is a database serving as a backbone to the application. 12 00:00:44,050 --> 00:00:50,770 So on interactions such as web forms, such as logging in or searching, queries are sent from the application 13 00:00:50,770 --> 00:00:51,470 to the database. 14 00:00:51,490 --> 00:00:53,620 So this is the basic procedure of it. 15 00:00:54,010 --> 00:00:56,140 And now let's talk about injection. 16 00:00:56,150 --> 00:00:56,880 What is injection? 17 00:00:57,070 --> 00:01:04,270 SQL injection is allowed to occur when inputs are not properly sanitized and an attacker can enter malicious 18 00:01:04,270 --> 00:01:08,930 SQL commands in order to access data that should always be out of sight.
19 00:01:09,700 --> 00:01:16,000 So SQL injection is generally considered to be high impact because it allows attackers to retrieve 20 00:01:16,000 --> 00:01:22,330 sensitive information, tamper with the data and destroy data, or even escalate privileges and issue 21 00:01:22,360 --> 00:01:24,190 operating system commands on the server. 22 00:01:24,850 --> 00:01:31,780 So generally, any kind of input on a web page is potentially vulnerable to SQL injection because 23 00:01:31,780 --> 00:01:34,050 that is where it interacts with the database. 24 00:01:35,240 --> 00:01:41,630 So authentication forms, where the user logs in with the username and password, are the most common types 25 00:01:41,630 --> 00:01:48,530 of input that get exploited; as such, we can talk about search forms, contact forms and 26 00:01:48,530 --> 00:01:51,980 file uploads, which are all potential targets for an injection. 27 00:01:53,000 --> 00:01:59,450 So now, guys, in this lecture, we will explore the basics of SQL in order to better understand 28 00:01:59,450 --> 00:02:02,240 the types of attacks that you can perform. 29 00:02:02,750 --> 00:02:06,320 So first of all, let's talk about the anatomy of a database. 30 00:02:06,830 --> 00:02:12,680 So data contained in a relational database is stored in objects called tables. 31 00:02:13,160 --> 00:02:19,340 So these tables are the virtual representation of relations between different elements, which consist 32 00:02:19,340 --> 00:02:21,300 of rows and columns, as you can see. 33 00:02:22,310 --> 00:02:25,010 So, OK, guys, let me change the color of it. 34 00:02:27,010 --> 00:02:31,600 So now these are the columns and these are the rows. 35 00:02:31,630 --> 00:02:39,350 OK, so we are having one, two, three, four columns in this table and actually four rows, actually 36 00:02:39,380 --> 00:02:44,170 three rows, actually, OK, because we will not consider it.
37 00:02:44,770 --> 00:02:47,380 So as we all know, this is how it looks. 38 00:02:47,380 --> 00:02:47,610 Right. 39 00:02:48,190 --> 00:02:54,210 OK, so fields, which are columns of the table, represent a specific piece of information for 40 00:02:54,210 --> 00:02:54,620 every record. 41 00:02:54,880 --> 00:02:58,490 So this is better illustrated in this particular table, as you can see here. 42 00:02:59,170 --> 00:03:02,980 So we are having ID, name, username, password and all the details. 43 00:03:03,340 --> 00:03:10,090 So this table contains three records and four fields; each user in the database is given an ID, name, 44 00:03:10,240 --> 00:03:12,030 username and password. 45 00:03:12,820 --> 00:03:19,420 In reality, tables are much larger than this and can contain millions of records, and the database itself 46 00:03:19,420 --> 00:03:22,000 can hold just as many tables. 47 00:03:22,480 --> 00:03:30,160 So you can see how valuable SQL injection is to an attacker, with this much data ripe for picking. So now, 48 00:03:30,190 --> 00:03:35,040 guys, let's talk about the data types and operators and what the syntax of it is. 49 00:03:35,530 --> 00:03:41,650 So in order to understand the data that we are working with, we need to know that there are different 50 00:03:41,650 --> 00:03:50,500 types of data utilized in SQL, although the exact data types vary, and can be very different, between 51 00:03:50,500 --> 00:03:51,520 the database systems. 52 00:03:51,670 --> 00:03:55,660 In most of the cases, they are similar enough to tell what they are. 53 00:03:55,690 --> 00:03:59,400 Usually they are categorized as text, number and date. 54 00:03:59,920 --> 00:04:04,630 So operators allow us to manipulate and interact with the data in the database. 55 00:04:05,680 --> 00:04:12,370 So there are five main categories of operators, like arithmetic, bitwise, comparison, compound and logical.
56 00:04:12,910 --> 00:04:19,540 So most of these are similar to other programming languages, but a few are slightly different. 57 00:04:20,870 --> 00:04:26,960 OK, so now let's actually see what the syntax and the statements are. 58 00:04:27,500 --> 00:04:33,350 So if we talk about the syntax and statements, SQL statements are the code that is passed to the 59 00:04:33,350 --> 00:04:36,620 database in order to retrieve or modify data. 60 00:04:36,920 --> 00:04:40,640 So now let's look at the example, as you can see here. 61 00:04:40,760 --> 00:04:42,260 So this example here. 62 00:04:43,110 --> 00:04:45,050 OK, so now look at this example 63 00:04:45,320 --> 00:04:46,720 to understand the SQL. 64 00:04:47,090 --> 00:04:48,860 So first we are having SELECT. 65 00:04:51,110 --> 00:04:58,840 SELECT * FROM user WHERE name, uh, is equal to 'John Smith'. So the first part of the statement is SELECT. 66 00:04:58,870 --> 00:05:02,280 OK, let me change the color because this is not visible to the eyes. 67 00:05:02,530 --> 00:05:08,750 OK, so first of all, we need to take this first part, and that is SELECT FROM, select from. 68 00:05:09,120 --> 00:05:16,180 So this simply means select all the fields from the user table, or select all the fields from the 69 00:05:16,180 --> 00:05:16,830 user table. 70 00:05:17,040 --> 00:05:22,950 Now here we are having WHERE, so the WHERE clause specifies that we only want to see information from the 71 00:05:22,950 --> 00:05:24,000 record where 72 00:05:24,000 --> 00:05:26,730 name is equal to John Smith. 73 00:05:27,090 --> 00:05:30,080 OK, so this is how this statement works. 74 00:05:30,360 --> 00:05:32,610 So SQL uses single quotes for a string, 75 00:05:32,790 --> 00:05:38,580 although most database systems will permit double quotes, and the semicolon marks the end of the statement. 76 00:05:38,590 --> 00:05:39,930 So this is the basic syntax.
77 00:05:40,140 --> 00:05:45,090 So it should be noted that keywords like SELECT and so on are case insensitive. 78 00:05:45,240 --> 00:05:47,130 That means they are not case sensitive. 79 00:05:47,530 --> 00:05:53,020 OK, so now let's understand what comments in SQL are. 80 00:05:53,910 --> 00:05:59,970 OK, so as you can see here, we are having, as we all know, every programming language contains 81 00:05:59,970 --> 00:06:06,840 comments, OK, in every programming language there is the section of comments which 82 00:06:07,230 --> 00:06:10,390 programmers use inside their programming language. 83 00:06:10,890 --> 00:06:16,150 OK, but in the case of SQL, we are having this; this is a single-line comment. 84 00:06:16,590 --> 00:06:18,770 OK, so let's understand it. 85 00:06:19,200 --> 00:06:25,440 So SELECT FROM users, SELECT FROM users, which will select everything from users and display it. 86 00:06:25,740 --> 00:06:30,960 OK, so this is multi-line. If you want to do a single-line comment you use the double hyphen, and if you 87 00:06:30,960 --> 00:06:39,330 do, if you want to do multi-line comments, you will use this symbol, and this, and you can just close 88 00:06:39,330 --> 00:06:39,630 it by this. 89 00:06:39,640 --> 00:06:46,890 SQL injection exploits the way comments are handled by rendering, uh, certain parts 90 00:06:46,890 --> 00:06:48,360 of the query unnecessary. 91 00:06:49,020 --> 00:06:51,210 So now, guys, let's see this one. 92 00:06:53,390 --> 00:06:54,340 Let's see this one. 93 00:06:56,360 --> 00:07:02,570 So this will return all the records from the database, since an empty string, as you can see. 94 00:07:02,630 --> 00:07:04,400 And so what does this all mean here? 95 00:07:04,640 --> 00:07:07,280 OK, so what it will do, let's understand it first. 96 00:07:07,520 --> 00:07:08,830 So SELECT FROM users. 97 00:07:08,840 --> 00:07:12,420 It will select the users table, and then WHERE username
98 00:07:12,860 --> 00:07:17,620 is this, OR 1 is equal to 1, AND password. 99 00:07:17,840 --> 00:07:19,010 So what will it do? 100 00:07:19,250 --> 00:07:26,690 So guys, in this case, let's understand: this will simply return all the records from the database, 101 00:07:26,690 --> 00:07:32,840 since an empty string OR 1 is equal to 1, which, as you can see here, this is the empty string 102 00:07:32,990 --> 00:07:40,690 and 1 is equal to 1 always evaluates to true, and the double dashes, as you can see here, comment 103 00:07:40,760 --> 00:07:41,890 out the password field. 104 00:07:41,900 --> 00:07:47,810 So that is why comments in SQL are very important. 105 00:07:48,170 --> 00:07:53,150 OK, so now, guys, let's see some more, we can say keywords. 106 00:07:53,570 --> 00:08:00,200 So there are also keywords that exist to make changing and arranging data easier, such as MIN, MAX, BETWEEN, 107 00:08:00,200 --> 00:08:00,770 [inaudible]. 108 00:08:01,500 --> 00:08:05,510 OK, so now as you can see, we are having this login session table. 109 00:08:05,780 --> 00:08:07,910 So this table is login session. 110 00:08:08,210 --> 00:08:09,630 OK, what is it? 111 00:08:09,860 --> 00:08:12,530 OK, so login 112 00:08:15,280 --> 00:08:16,840 session is the name of the statement. 113 00:08:17,240 --> 00:08:22,290 OK, so suppose we wanted to know who was logged in the longest and when. 114 00:08:22,570 --> 00:08:30,850 So the query, as you can see here below, would simply return the ID, username and the shortest 115 00:08:30,850 --> 00:08:34,960 and longest session where the date is between the dates listed, as noted. 116 00:08:35,290 --> 00:08:44,020 So what it would do: SELECT id, it will select this; username, it will select this; and MIN session 117 00:08:44,020 --> 00:08:47,530 length, minimum session, and it will select from this.
118 00:08:48,600 --> 00:08:57,030 MAX session from login session, maximum session, and the longest, WHERE login date is between one 119 00:08:57,300 --> 00:09:00:530 2021 and 2005 one. 120 00:09:00,660 --> 00:09:05,820 OK, so what it will do, it will select each and everything in between these parameters. 121 00:09:06,030 --> 00:09:08,020 It will give you the result. 122 00:09:08,370 --> 00:09:08,660 OK. 123 00:09:08,700 --> 00:09:11,170 So this is how it works. 124 00:09:11,550 --> 00:09:15,700 So GROUP BY: as we can see here, we are having GROUP BY. 125 00:09:15,810 --> 00:09:24,710 So now what is GROUP BY? GROUP BY consolidates the rows by ID, and ORDER BY max length, and it sorts them 126 00:09:24,720 --> 00:09:27,840 in decreasing order for the user. 127 00:09:28,440 --> 00:09:28,690 OK. 128 00:09:28,740 --> 00:09:36,360 So other useful statements include INSERT INTO, which inserts a new record into a table, UPDATE, 129 00:09:36,360 --> 00:09:42,670 which updates existing records in a table, and DELETE, which is used to delete records in the table. 130 00:09:42,870 --> 00:09:49,410 So these statements can be useful for SQL injection when you want to do more than just retrieve 131 00:09:49,410 --> 00:09:50,910 information from the database. 132 00:09:51,390 --> 00:09:57,270 OK, so an attacker could insert a new record indicating that they had bought something from an online 133 00:09:57,270 --> 00:10:02,570 store, for example, and claim that they never received the product and can be compensated for it. 134 00:10:02,790 --> 00:10:08,590 So if they really wanted to cause maximum damage, a DROP statement could be used here. 135 00:10:08,610 --> 00:10:13,830 So DROP TABLE will remove an existing table, and the DROP 136 00:10:13,830 --> 00:10:16,340 DATABASE statement will remove the entire database itself.
137 00:10:17,410 --> 00:10:24,490 So now let's understand what JOIN and UNION are. So joins are used to combine, for combining rows from 138 00:10:24,490 --> 00:10:28,680 different tables, so when there is a field related between them. 139 00:10:29,020 --> 00:10:32,470 So here, as you can see, we are having the user table. 140 00:10:32,840 --> 00:10:34,810 OK, so here we are having two tables. 141 00:10:36,010 --> 00:10:37,660 Let me first name them. 142 00:10:38,260 --> 00:10:42,360 This is the user, and the other table, 143 00:10:42,370 --> 00:10:43,790 let's say it is login. 144 00:10:44,500 --> 00:10:46,680 So we are having those two tables. 145 00:10:46,990 --> 00:10:50,020 So now this is the query that we have here. 146 00:10:50,020 --> 00:10:52,870 SELECT users, SELECT users. 147 00:10:52,870 --> 00:10:57,040 It will select this table; users dot, it will select username; logins, 148 00:10:58,340 --> 00:11:08,530 logins dot date, details, logins dot, it was like this, FROM users INNER JOIN logins ON user ID and logins. 149 00:11:08,780 --> 00:11:10,190 So it will simply inner join. 150 00:11:10,190 --> 00:11:15,890 So an inner join, or simply join, as you can see here, will simply return records that have matching 151 00:11:15,890 --> 00:11:17,110 data in both the tables. 152 00:11:17,450 --> 00:11:23,120 So a LEFT JOIN returns all records from the left table, as well as the records that match in the 153 00:11:23,120 --> 00:11:24,740 right table. 154 00:11:24,740 --> 00:11:25,110 Right. 155 00:11:25,440 --> 00:11:32,780 While if we see a RIGHT JOIN, it returns all records from the right table as well as records that match in the 156 00:11:32,780 --> 00:11:33,300 left table. 157 00:11:33,770 --> 00:11:39,350 So a FULL JOIN will return all records that match in either the left or the right table. 158 00:11:39,740 --> 00:11:42,920 Although joins are not required for SQL injection,
159 00:11:43,310 --> 00:11:50,660 they can prove, they can be proved very useful when extracting information across tables after you 160 00:11:50,660 --> 00:11:52,160 have found your way in. 161 00:11:52,910 --> 00:11:56,330 So now, guys, let's talk about UNION. 162 00:11:57,200 --> 00:11:58,110 So what is the union? 163 00:11:58,340 --> 00:12:03,700 So in the last lecture we have talked about JOIN, but in this case, we are going to talk about UNION. 164 00:12:03,980 --> 00:12:08,680 So UNION is used to combine distinct data from two or more SELECT statements. 165 00:12:08,990 --> 00:12:16,460 Each statement must have the same data types and the same number of columns, and they must be in 166 00:12:16,460 --> 00:12:17,430 the same order. 167 00:12:17,450 --> 00:12:21,790 So this thing should be noted down, that they must be in the same order. 168 00:12:22,010 --> 00:12:30,380 So UNION ALL does the same thing, but it won't eliminate duplicate rows in case the same 169 00:12:30,380 --> 00:12:33,740 data exists in both of the unioned tables. 170 00:12:34,040 --> 00:12:39,620 So now let's look at the example, where we are having two tables, and that is user here, 171 00:12:39,620 --> 00:12:40,460 and this is 172 00:12:42,330 --> 00:12:43,260 user. 173 00:12:43,500 --> 00:12:46,470 And this one, let's take it as admin. 174 00:12:47,990 --> 00:12:53,150 OK, so we are having two tables, so as you can see, this is the query that we have here. 175 00:12:54,850 --> 00:13:01,840 So it will simply join password from user and password, and UNION password from admin, it will simply join them. 176 00:13:02,080 --> 00:13:06,250 OK, so obviously this won't be a normal query that is run against the database. 177 00:13:06,250 --> 00:13:13,390 But if we were allowed to inject this, we could obtain the admin password or any other information 178 00:13:13,390 --> 00:13:15,530 that isn't usually accessible.
179 00:13:16,270 --> 00:13:23,350 So guys, this is all about SQL injection basics, because these are the things that you should 180 00:13:23,350 --> 00:13:23,650 know. 181 00:13:24,130 --> 00:13:32,170 So if you don't understand anything, you can ask me, I will answer your question within 24 hours. 182 00:13:32,390 --> 00:13:36,850 And if you have any doubt, you can simply reverse the video. 183 00:13:37,000 --> 00:13:42,250 And it will be very easy to understand, because SQL is not a very tough thing. 184 00:13:42,280 --> 00:13:43,720 This is like the English language. 185 00:13:43,990 --> 00:13:48,880 So, guys, I hope you guys understand. In the next lecture we're going to go over SQL injection, because 186 00:13:49,030 --> 00:13:53,080 what, what, what is the approach for SQL injection? 187 00:13:53,320 --> 00:13:59,530 So I will teach you in the next lecture how to approach SQL injection, how to exploit SQL injection, 188 00:13:59,650 --> 00:14:04,000 and what are the commands that will be useful, and how you can use comments and UNION. 189 00:14:04,010 --> 00:14:10,290 And so these two lectures are going to be very crucial if you want to learn SQL injection. 190 00:14:10,540 --> 00:14:11,470 So thank you, guys. 191 00:14:11,470 --> 00:14:13,240 I hope you guys understand, and thank you. 192 00:14:13,250 --> 00:14:14,020 That's all in this lecture.