1
00:00:01,380 --> 00:00:07,410
SQL injection, it is one of the biggest and most serious vulnerabilities out there.

2
00:00:08,310 --> 00:00:17,370
SQL injection happens once the database query is taking an argument of an unfiltered user input, usually

3
00:00:17,610 --> 00:00:21,420
those inputs are something like usernames or passwords.

4
00:00:22,230 --> 00:00:26,940
It could also be something like an input on a page where you search for a specific product.

5
00:00:27,540 --> 00:00:31,130
Whatever it is, the backend process is the same.

6
00:00:31,780 --> 00:00:35,910
Our input is getting sent to the database of the website.

7
00:00:36,810 --> 00:00:40,530
The database checks whether our input is stored somewhere.

8
00:00:41,100 --> 00:00:43,860
Usually this is something like a password check.

9
00:00:44,070 --> 00:00:47,820
So the website would send the hash of our password that we inputted.

10
00:00:47,820 --> 00:00:52,170
It would send it to the database and it would see whether it can find the match.

11
00:00:52,860 --> 00:00:59,130
If the match is found and we input the correct password, then the database confirms it to the server

12
00:00:59,160 --> 00:01:02,130
and we get to log in to our account.

13
00:01:02,970 --> 00:01:04,890
Now, this is just an example.

14
00:01:05,099 --> 00:01:08,340
It doesn't have to be passwords that we input.

15
00:01:08,670 --> 00:01:13,470
It can be any type of application as long as it communicates with the database.

16
00:01:14,250 --> 00:01:21,450
And as we know, this communication between the server and the database is being done with the help

17
00:01:21,450 --> 00:01:30,670
of something like SQL. SQL is just the programming language used to communicate with the database.

18
00:01:31,740 --> 00:01:39,840
Now, all of this is how a normal application should act, but this is all considered if our input does

19
00:01:39,840 --> 00:01:41,310
indeed get well filtered.

20
00:01:42,090 --> 00:01:50,070
But what if we as attackers, instead of sending our regular input that the application expects, we

21
00:01:50,070 --> 00:01:52,340
send an SQL query?

22
00:01:53,220 --> 00:01:56,360
Well, that is when the problems can occur.

23
00:01:57,000 --> 00:02:01,260
And in this vulnerability, it can be a really big problem.

24
00:02:02,040 --> 00:02:09,630
If the input isn't filtered and our SQL query gets through, then what we can do is we can craft

25
00:02:09,630 --> 00:02:16,350
a query that could maybe tell the server to drop or send us the entire database.

26
00:02:17,500 --> 00:02:25,240
If we were to do this successfully, we would have all the usernames and passwords and all the private

27
00:02:25,240 --> 00:02:30,190
information of all the users registered on that specific website.

28
00:02:31,210 --> 00:02:40,150
As you can imagine, this can be really bad. An example of an SQL query that can be used to extract

29
00:02:40,150 --> 00:02:44,350
something from the database looks something like this.

30
00:02:45,460 --> 00:02:51,820
So it says select elements from table where condition.

31
00:02:52,950 --> 00:03:01,140
The things in the square brackets would get exchanged for elements and tables that are inside the database.

32
00:03:01,920 --> 00:03:09,270
So the real-life command that a real website could potentially send to the database could look something

33
00:03:09,420 --> 00:03:10,080
like this.

34
00:03:11,160 --> 00:03:17,610
Select star sign from books where ID equals five.

35
00:03:18,770 --> 00:03:26,540
Now, this star sign is simply just referred that says select everything. Every time you see the star

36
00:03:26,540 --> 00:03:28,360
sign, it usually means everything.

37
00:03:28,400 --> 00:03:36,050
So select everything from the table called books, where the ID is equal to five.

38
00:03:36,590 --> 00:03:45,300
And ID could potentially be IDs for products or users or pretty much anything depending on the application.

39
00:03:45,320 --> 00:03:48,420
And this is just an example of a normal SQL query.

40
00:03:49,070 --> 00:03:56,030
In the practical lectures, we'll see how we can manipulate user input and SQL language in order

41
00:03:56,030 --> 00:03:58,520
to get information from the database.

42
00:03:59,270 --> 00:04:00,320
See you in the next lecture.