1
00:00:00,120 --> 00:00:02,670
SQL injection attacks.

2
00:00:02,670 --> 00:00:05,220
So what is SQL injection?

3
00:00:05,220 --> 00:00:13,580
Well, SQL injection is where we inject malicious SQL statements into a SQL database.

4
00:00:13,630 --> 00:00:21,040
These are super easy to avoid, but it still happens very often, and it happens due to poor code.

5
00:00:21,040 --> 00:00:27,610
We'll talk about that in the defense section, but if we're successful with a SQL injection attack,

6
00:00:28,030 --> 00:00:34,270
we're capable of reading databases, extracting information, modifying databases, and potentially we can

7
00:00:34,270 --> 00:00:36,700
even get a shell with this.

8
00:00:36,730 --> 00:00:41,500
So from here, let's go ahead and talk about some common SQL verbs.

9
00:00:41,500 --> 00:00:44,030
These are things you're going to be seeing and you should know.

10
00:00:44,110 --> 00:00:48,790
So feel free to take notes on this, or just watch the first time through and then take notes the second

11
00:00:48,790 --> 00:00:49,540
time through.

12
00:00:49,960 --> 00:00:54,140
But these are common SQL verbs, and let's just cover these really quick.

13
00:00:54,140 --> 00:00:58,500
So every single statement begins with a verb.

14
00:00:58,690 --> 00:01:04,210
And for example, one you're gonna see a lot of is SELECT, and that's going to retrieve data from a table.

15
00:01:05,240 --> 00:01:12,000
INSERT is going to add data to a table. DELETE's going to remove data from a table. UPDATE's going to modify

16
00:01:12,000 --> 00:01:20,160
a table. DROP is going to delete a table, very malicious. And UNION is going to combine data from multiple

17
00:01:20,160 --> 00:01:24,390
queries. I'm going to give you examples of all these statements here in just a second.

18
00:01:25,020 --> 00:01:31,980
So there's some other common terms that we should know as well. So we could say WHERE, and that's going

19
00:01:31,980 --> 00:01:35,150
to filter records based on specific conditions. You're going to see

20
00:01:35,150 --> 00:01:36,560
an example of this.

21
00:01:36,570 --> 00:01:38,260
There's AND, OR, NOT,

22
00:01:38,280 --> 00:01:41,460
which is going to filter based on multiple conditions.

23
00:01:41,460 --> 00:01:49,020
So we have one condition and another condition, or another condition, or not a condition, similar to when

24
00:01:49,020 --> 00:01:51,260
we were talking about Python earlier.

25
00:01:51,330 --> 00:01:53,040
Same logic.

26
00:01:53,040 --> 00:01:55,440
And then we have an ORDER BY as well.

27
00:01:55,440 --> 00:01:59,570
So this is going to sort records in ascending or descending order.

28
00:01:59,580 --> 00:02:05,720
Now there's a lot more terms than this, but these are very, very common ones and ones you should know.

29
00:02:07,360 --> 00:02:13,960
So let's look at an example. Let's say here that we have a SQL table, and the table is called users,

30
00:02:14,770 --> 00:02:17,730
and we have five users in this table.

31
00:02:17,880 --> 00:02:21,590
Now we've got Frank, and the username here, Frank.

32
00:02:21,840 --> 00:02:23,250
Full name, Frank Castle.

33
00:02:23,260 --> 00:02:27,640
Email punisher@marvel.com, and the country they belong to.

34
00:02:27,660 --> 00:02:36,420
So what's gonna happen when we say SELECT FROM, and then we say users? OK.

35
00:02:36,450 --> 00:02:44,220
Well, we're going to SELECT * FROM users. So star is a wildcard, and this here is an end statement.

36
00:02:44,230 --> 00:02:47,230
When we have the semicolon, that's ending the statement.

37
00:02:47,230 --> 00:02:52,510
So we're just going to say SELECT WILDCARD FROM users, meaning select everything from users.

38
00:02:52,510 --> 00:02:59,850
So if we select everything from users here, we're going to select this entire table. If we want to select

39
00:02:59,940 --> 00:03:03,880
user ID and username from users,

40
00:03:03,900 --> 00:03:04,750
well, guess what?

41
00:03:04,770 --> 00:03:11,460
We're going to just pull down this column and this column. So we'll pull down user ID and username,

42
00:03:11,490 --> 00:03:18,450
and we won't pull down any information from here. If we wanted to select every single thing from the

43
00:03:18,450 --> 00:03:23,280
users table where a condition applies, say country equals Russia,

44
00:03:24,030 --> 00:03:29,560
well, then we're only going to pull out Natasha here, the Black Widow. Or let's try one more.

45
00:03:29,560 --> 00:03:37,600
If we select everything from users where the country is the US and username equals Frank,

46
00:03:37,930 --> 00:03:45,130
well, the US is going to pull down all of these, right, except Natasha, and then we also set the condition of Frank.

47
00:03:45,160 --> 00:03:49,050
So it's only going to pull down this first column here.

48
00:03:49,060 --> 00:03:55,630
So with that all being said, let's quickly talk about special characters you're going to see in SQL.

49
00:03:55,660 --> 00:04:00,670
So you saw an example of a few here. We had string delimiters.

50
00:04:00,670 --> 00:04:04,410
Again, we have a single quote or double quote.

51
00:04:04,420 --> 00:04:04,960
Right?

52
00:04:04,960 --> 00:04:10,510
And what that does is that's just for a string, similar to coding, and a lot of this logic is like programming

53
00:04:10,510 --> 00:04:11,890
logic.

54
00:04:11,890 --> 00:04:13,500
We have comment delimiters.

55
00:04:13,570 --> 00:04:17,660
So we have a dash dash, which you're going to see here very soon.

56
00:04:17,740 --> 00:04:21,280
We have a forward slash asterisk, and we have the pound sign.

57
00:04:21,280 --> 00:04:23,940
So again, feels like coding.

58
00:04:23,940 --> 00:04:24,250
Right?

59
00:04:24,850 --> 00:04:26,880
And this is just another type of language.

60
00:04:27,340 --> 00:04:28,600
So we have wildcards.

61
00:04:28,600 --> 00:04:29,560
You saw the asterisk.

62
00:04:29,560 --> 00:04:34,670
We also can use the percent symbol for a wildcard.

63
00:04:34,690 --> 00:04:37,270
We have the end of a SQL statement, which is a semicolon,

64
00:04:37,270 --> 00:04:43,170
as you saw in the last slide. And then we have a bunch of programming logic.

65
00:04:43,270 --> 00:04:48,970
So we have equal signs, plus signs, greater than, less than, parentheses.

66
00:04:48,970 --> 00:04:53,980
And you can put things into programmatic logic. So that's it.

67
00:04:53,980 --> 00:04:59,500
Here, what we're going to do next is we're going to dive in the application and make a lot more sense

68
00:04:59,500 --> 00:05:01,000
of this and what's going on.

69
00:05:01,240 --> 00:05:05,410
We'll talk about how to test for this and some different options that we can do.

70
00:05:05,410 --> 00:05:10,270
So let's look at SQL injection and talk about the different types of SQL injection and see what

71
00:05:10,270 --> 00:05:11,590
we have available to us.