1
00:00:01,010 --> 00:00:04,010
Hello, everyone, and welcome to this video.

2
00:00:04,850 --> 00:00:12,620
So in this video, we're going to discuss SQL injection. Up to now, we have already discussed

3
00:00:12,620 --> 00:00:19,580
what SQL is, how to create your database and how to write your own queries.

4
00:00:20,470 --> 00:00:29,560
Now, what is SQL injection? When any attacker is able to interfere with the queries that

5
00:00:29,590 --> 00:00:39,010
the application makes to the database and can successfully retrieve any sensitive data from it, then

6
00:00:39,010 --> 00:00:40,730
it is known as SQL injection.

7
00:00:41,470 --> 00:00:48,850
So basically, the attacker gets the capability of retrieving the database names, the tables,

8
00:00:49,120 --> 00:00:51,810
the columns, as well as the database.

9
00:00:52,630 --> 00:01:02,380
Also, the attacker is able to get the shell of MySQL or any database, and sometimes the OS

10
00:01:02,410 --> 00:01:09,250
shell as well, through which he or she is able to execute commands on the target server.

11
00:01:11,000 --> 00:01:13,730
All right, so what is the impact of SQL injection?

12
00:01:14,180 --> 00:01:22,700
So you must have already guessed that if any attacker is able to get the sensitive data of all the users

13
00:01:23,360 --> 00:01:28,080
from the server, then obviously it is going to be of critical impact.

14
00:01:29,030 --> 00:01:37,260
Now, if the attacker is able to successfully identify and exploit SQL injection in any target, then

15
00:01:37,260 --> 00:01:45,200
it can lead to unauthorized access to sensitive data, which can be passwords, credit card details, etc.

16
00:01:45,950 --> 00:01:52,850
He or she can also perform authentication bypass in multiple applications, which we are going to

17
00:01:52,850 --> 00:01:54,980
see in upcoming videos.

18
00:01:55,340 --> 00:02:02,360
But I will show you, without the correct username and password, how you can log in to any application.

19
00:02:03,470 --> 00:02:11,510
The attacker can also retrieve the hidden data, which is not available for the public to use or see, subverting

20
00:02:11,510 --> 00:02:14,380
or modifying the application logic as well.

21
00:02:14,630 --> 00:02:22,910
So the attacker gets in control of the MySQL queries and he or she can modify how the application is

22
00:02:22,910 --> 00:02:25,820
going to behave from first point to last.

23
00:02:26,600 --> 00:02:27,080
All right.

24
00:02:27,380 --> 00:02:34,130
And the last one is he or she can also execute commands on the server, which is the most dangerous.

25
00:02:34,820 --> 00:02:42,590
So this gives the capability of modifying the database as well as the deletion of anything from the

26
00:02:42,590 --> 00:02:46,400
server, which is, again, of high critical impact.

27
00:02:47,990 --> 00:02:50,170
So what is the severity of SQL injection,

28
00:02:50,420 --> 00:02:57,590
you may ask. It is considered a P1, which is priority one, which is a critical vulnerability

29
00:02:57,590 --> 00:03:05,960
on crowdsourced platforms like Bugcrowd, Intigriti, Synack or HackerOne, and also the CVSS score for a

30
00:03:05,960 --> 00:03:12,740
successful SQL injection is considered to be between nine and 10, which is a critical vulnerability.

31
00:03:14,140 --> 00:03:17,530
So how are we going to test this? Or where

32
00:03:17,560 --> 00:03:20,770
should I actually look for SQL injection?

33
00:03:21,340 --> 00:03:28,960
So this is known as the injection point, where actually you are going to put your payload to identify if

34
00:03:28,960 --> 00:03:35,680
the application behaves in a different manner and you successfully identify if the application is vulnerable

35
00:03:35,680 --> 00:03:37,230
to SQL injection attacks.

36
00:03:37,930 --> 00:03:39,710
So where can the query be injected?

37
00:03:40,120 --> 00:03:47,860
This is the question that arises in my mind. So for a successful SQL injection, the injection point

38
00:03:47,860 --> 00:03:53,330
can be in the GET request or in the POST request, in the headers or in the cookies.

39
00:03:53,620 --> 00:03:59,770
So basically you can identify SQL injection anywhere and everywhere in the application.

40
00:04:01,460 --> 00:04:09,710
OK, so how are we going to approach? First of all, we are going to fuzz the application parameters.

41
00:04:09,950 --> 00:04:15,340
So any application may contain one or more parameters in all the URLs.

42
00:04:16,510 --> 00:04:23,320
So first of all, we are going to fuzz the application parameters, get a list of more and more parameters

43
00:04:23,320 --> 00:04:24,580
using Spider as well.

44
00:04:24,910 --> 00:04:31,150
Remember, when you are doing spidering, you're increasing the scope for the target application for

45
00:04:31,150 --> 00:04:34,090
identification of more and more vulnerabilities.

46
00:04:34,750 --> 00:04:40,900
Now, out of those parameters, we are going to identify one of the injection parameters, which is

47
00:04:40,900 --> 00:04:46,730
basically nothing but a vulnerable component or vulnerable parameter in the application.

48
00:04:47,470 --> 00:04:50,760
Next, we're going to check for the vulnerable component,

49
00:04:50,770 --> 00:04:58,060
if the application is vulnerable through that parameter whenever we are going to pass our SQL queries.

50
00:04:58,720 --> 00:05:05,350
Now, once our queries are getting executed on the target, well, we have identified the parameter

51
00:05:05,350 --> 00:05:11,530
is behaving in a different manner when we are giving special characters the time and we

52
00:05:11,530 --> 00:05:13,670
are following those specific parameters.

53
00:05:14,440 --> 00:05:21,270
After we have identified that, we are going to attack it with injection queries and successfully exploit.

54
00:05:22,620 --> 00:05:24,040
So I hope you guys understood.

55
00:05:24,330 --> 00:05:24,880
Thank you.

56
00:05:25,110 --> 00:05:31,410
In upcoming videos, we are going to see the practical of how you can basically perform SQL injection

57
00:05:31,410 --> 00:05:31,860
attacks.

58
00:05:32,130 --> 00:05:38,330
But this is the approach that you should have in your mind whenever you are going to practice for

59
00:05:38,340 --> 00:05:41,880
SQL injection attacks on any web application.

60
00:05:42,240 --> 00:05:42,720
Thank you.