1
00:00:00,990 --> 00:00:07,710
So in the last lesson on cross-site scripting, we completely destroyed the database that was stored here

2
00:00:07,710 --> 00:00:11,460
on the XSS Stored page. It will not even stay on this site.

3
00:00:11,980 --> 00:00:13,560
It will say "hacked, hacked"

4
00:00:13,560 --> 00:00:15,960
and then take us to the GOP website.

5
00:00:16,290 --> 00:00:19,440
Well, let's clear that up so that we can do some SQL injection.

6
00:00:19,450 --> 00:00:22,950
Let's go to Setup and then create, that is, reset the database.

7
00:00:22,960 --> 00:00:24,990
Now we come back to Cross Site Scripting (Stored).

8
00:00:25,260 --> 00:00:30,690
You'll see it's back to empty with just one comment down there and none of our other attacks.

9
00:00:30,700 --> 00:00:32,280
That's the great thing about DVWA.

10
00:00:32,580 --> 00:00:34,650
We don't have to do a lot of work to reset everything.

11
00:00:34,650 --> 00:00:38,160
We can just come back to Setup and reset the database.

12
00:00:38,610 --> 00:00:41,780
But let's go to SQL Injection. SQL injection:

13
00:00:41,790 --> 00:00:49,470
that's the other broad class of HTML or website attack that we need to be familiar with, because any

14
00:00:49,470 --> 00:00:55,950
time we have a form that interacts with a database, and most of our forms interact with databases because

15
00:00:55,950 --> 00:01:01,170
we want to store the information someone's entered on our server, we need to take care to make

16
00:01:01,170 --> 00:01:03,470
sure that we don't enable SQL injection.

17
00:01:03,480 --> 00:01:08,850
That means injecting some SQL, the structured query language that runs our database.

18
00:01:09,250 --> 00:01:11,100
I'll give you just a quick example.

19
00:01:11,100 --> 00:01:17,040
Let's submit a user ID. Let's try 1. That tells me that that's the administrator. 2:
20
00:01:18,820 --> 00:01:24,130
Gordon Brown. So I'm just looking through a database, and this is, of course, made to be a little

21
00:01:24,130 --> 00:01:28,420
easier than normal; we normally can't just test through all of the different users here.

22
00:01:29,620 --> 00:01:32,020
All right, so we have about five users, it looks like.

23
00:01:32,560 --> 00:01:37,880
Well, that's because it's using just the ID information here, right?

24
00:01:38,410 --> 00:01:43,570
So it's taking in this 1 and turning it into a query that goes on to the database.

25
00:01:44,050 --> 00:01:46,980
Well, we have our DVWA security set to low.

26
00:01:46,990 --> 00:01:55,740
So if I come back to SQL Injection and say 1, quote, or 1 equals quote 1.

27
00:01:56,440 --> 00:01:58,210
Now, this is a strange syntax,

28
00:01:58,210 --> 00:02:00,660
I know, but I'll zoom in a little more there.

29
00:02:01,000 --> 00:02:05,350
That is 1' or 1='1.

30
00:02:06,590 --> 00:02:08,120
This is a query.

31
00:02:09,070 --> 00:02:17,080
I'm changing the query in my normal SQL. Usually this is WHERE user_id equals quote and then whatever

32
00:02:17,080 --> 00:02:24,310
we put inside, 1, and so we've said 1 quote, so admin, or 1 equals 1.

33
00:02:24,320 --> 00:02:25,900
Well, 1 is always equal to 1.

34
00:02:25,900 --> 00:02:26,310
Right.

35
00:02:26,320 --> 00:02:31,480
And we put this quote here so that when it finishes the quote on the other side of the database, this

36
00:02:31,480 --> 00:02:34,660
should do something completely different, because 1 is always equal to 1.

37
00:02:34,660 --> 00:02:36,280
So it's not true for just one user.

38
00:02:36,520 --> 00:02:40,420
It's true for all the users.

39
00:02:40,900 --> 00:02:49,330
1 equals 1 is true for admin, Gordon Brown, Hack Me, Pablo Picasso and Bob Smith.

40
00:02:49,330 --> 00:02:56,890
All that is one of the simplest versions of SQL injection.
41
00:02:57,830 --> 00:03:04,940
We just asked the database to tell us everything, but in this case, we were able to see all of the

42
00:03:04,940 --> 00:03:05,750
users,

43
00:03:06,720 --> 00:03:13,260
their first name and their last name, just by doing one piece of SQL injection, and this piece of

44
00:03:13,260 --> 00:03:20,040
SQL injection was not even terribly advanced: just 1, quote, space, or, and you could do just

45
00:03:20,040 --> 00:03:20,730
about anything.

46
00:03:20,730 --> 00:03:22,800
You can do a equals

47
00:03:23,160 --> 00:03:29,520
a. And notice, I just don't close that second quote because I've closed my first quote in my SQL

48
00:03:29,520 --> 00:03:33,870
statement, my SQL command, out in my web page with this one.

49
00:03:33,870 --> 00:03:37,140
So I need to open another one back, so I'll finish it out.

50
00:03:37,620 --> 00:03:39,540
And this command should do the same thing.

51
00:03:39,960 --> 00:03:45,390
Well, a is always equal to a, so it's going to show for every one of those users their first name and

52
00:03:45,390 --> 00:03:51,840
last name. There are some much more advanced things that we can do with SQL injection, and we'll

53
00:03:51,840 --> 00:04:00,960
see how to do things like showing all the password hash values and even how to see the name of the database

54
00:04:00,960 --> 00:04:06,780
and maybe even delete the database of all these users in the next lesson.