1
00:00:01,080 --> 00:00:01,770
Welcome back.

2
00:00:02,620 --> 00:00:04,880
Let's do the first example of SQL injection.

3
00:00:05,420 --> 00:00:11,620
So in the previous video, we took a quick guide that told us how exactly we can exploit certain types

4
00:00:11,620 --> 00:00:12,560
of SQL injection.

5
00:00:13,210 --> 00:00:17,780
Right now, let's see how we can put that to practice with our OWASP

6
00:00:18,040 --> 00:00:19,210
BWA machine.

7
00:00:20,410 --> 00:00:25,450
So what I want you to do is I want you to go to the OWASP Mutillidae II.

8
00:00:26,450 --> 00:00:33,950
And from here, I want you to navigate to OWASP 2013, A1 - Injection (SQL), and we want to go with the

9
00:00:34,010 --> 00:00:37,370
first example, which is User Info (SQL).

10
00:00:38,240 --> 00:00:39,260
Let's click on that.

11
00:00:39,830 --> 00:00:45,200
And this is the application that we want to try to perform SQL injection on.

12
00:00:45,770 --> 00:00:51,260
So if we follow the same guide from the previous video, we should be able to get it to work.

13
00:00:51,920 --> 00:00:52,850
Let's give it a try.

14
00:00:53,420 --> 00:00:56,460
So first, let's take a look at the application itself.

15
00:00:56,480 --> 00:01:01,900
It requires the name and the password in order to view account details.

16
00:01:02,600 --> 00:01:05,720
Let's type anything just to see whether it will work.

17
00:01:05,960 --> 00:01:14,360
Click on the account details and we get "Results for test: zero records found. Authentication error:

18
00:01:14,480 --> 00:01:16,490
bad username or password."

19
00:01:18,390 --> 00:01:25,080
If we remember from the previous video, in most cases, we can take a look whether there is an SQL

20
00:01:25,080 --> 00:01:31,470
injection on a webpage, if we make the application run into an error by specifying something like a

21
00:01:31,470 --> 00:01:33,960
single quote. Let's give it a try.
22
00:01:33,960 --> 00:01:40,950
If we try to specify a single quote for both name and password and we click on View Account Details,

23
00:01:43,230 --> 00:01:46,200
we still don't get anything.

24
00:01:46,770 --> 00:01:52,040
Let's also give it a try like this: "test" single quote and "test" single quote.

25
00:01:52,620 --> 00:01:57,900
Perhaps we can make it crash or perhaps we can make it give us some details that we didn't have.

26
00:01:58,410 --> 00:02:02,060
And by those details, I mean something like this error message.

27
00:02:02,310 --> 00:02:06,570
So we typed in "test" single quote for the name and for the password.

28
00:02:06,900 --> 00:02:09,150
And it gave us this error message.

29
00:02:09,960 --> 00:02:16,080
We didn't exploit it yet, but we are aware that this does cause an error in the application.

30
00:02:16,470 --> 00:02:23,610
And if we take a closer look inside this error, it does also give us the SQL query used to query

31
00:02:23,610 --> 00:02:24,300
the database.

32
00:02:25,520 --> 00:02:31,460
If we take a look where our username is being specified, we have a single quote creating a problem

33
00:02:31,460 --> 00:02:36,780
right here, and we also have a single quote creating a problem in the password variable.

34
00:02:37,280 --> 00:02:37,700
Why?

35
00:02:38,150 --> 00:02:44,990
Well, because both of them have one open single quote and two close single quotes, resulting in this

36
00:02:44,990 --> 00:02:45,320
error.

37
00:02:46,220 --> 00:02:50,600
So what we can do is we can try to perform the same thing from the previous video.

38
00:02:50,990 --> 00:02:52,100
Just this time,

39
00:02:52,110 --> 00:02:57,830
we don't really know the correct username like we did in the previous lecture or in the previous guide.

40
00:02:59,090 --> 00:03:00,380
How can we bypass that?

41
00:03:00,680 --> 00:03:10,970
Well, we can type the same command, which is, for example: "test" single quote "or one equals one".
42
00:03:12,020 --> 00:03:19,970
And we can type this for both username and password. Now, since our username is in the middle of the

43
00:03:19,970 --> 00:03:25,050
syntax, we can't really use dash dash at the end to comment out the rest.

44
00:03:25,430 --> 00:03:32,210
So what we are going to do is we're going to type it in like this: "test", single quote, "or", single quote,

45
00:03:32,210 --> 00:03:36,190
"one", single quote, equals, single quote, "one".

46
00:03:36,680 --> 00:03:38,070
This will be our username.

47
00:03:38,840 --> 00:03:43,820
Now, you could be asking, well, why didn't we specify a single quote at the end?

48
00:03:44,240 --> 00:03:49,010
Well, that is because we already have it inside the SQL query.

49
00:03:49,460 --> 00:03:53,160
Our input is getting stored between the single quotes by default.

50
00:03:53,540 --> 00:04:00,050
So this end single quote inside of the username will replace the end single quote that should belong

51
00:04:00,050 --> 00:04:01,340
to this one.

52
00:04:01,820 --> 00:04:02,300
Now.

53
00:04:03,270 --> 00:04:10,680
And then we will get the username to be equal to "test" or one under single quotes is equal to one under

54
00:04:10,680 --> 00:04:12,870
single quotes, which should be correct.

55
00:04:13,590 --> 00:04:18,420
We want to specify the same thing for our password.

56
00:04:21,670 --> 00:04:27,400
So pretty much you can just copy and paste it right here, and if we click on View Account Details,

57
00:04:28,120 --> 00:04:29,320
scroll a little bit down.

58
00:04:29,860 --> 00:04:30,600
Here it is.

59
00:04:31,000 --> 00:04:33,340
We successfully exploited the application.

60
00:04:33,340 --> 00:04:40,750
And now, since we didn't specify a unique user, we got the entire database of users outputted right

61
00:04:40,750 --> 00:04:41,070
here.
62
00:04:41,590 --> 00:04:50,350
We got their usernames and passwords as well as their signature, and we got passwords for every username

63
00:04:50,350 --> 00:04:51,450
inside the database.

64
00:04:52,120 --> 00:04:54,710
Now you can see how dangerous this can be.

65
00:04:54,730 --> 00:05:02,080
Now we can access any of these accounts that we got right here by simply going to the login screen,

66
00:05:02,230 --> 00:05:05,680
which is right here, and specifying their username and password.

67
00:05:06,580 --> 00:05:13,660
This was also a simple example, but nonetheless, it has a powerful result that you can really do some

68
00:05:13,660 --> 00:05:14,290
damage with.

69
00:05:14,860 --> 00:05:21,490
But in the next lecture, we're going to take a look at a more advanced example inside of our BWA application.

70
00:05:22,050 --> 00:05:23,050
Thank you for watching.

71
00:05:23,050 --> 00:05:24,940
And we'll see you in the next lecture.
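The whole walkthrough above, reproduced as an added example that is not part of the course video or of Mutillidae's own code: the string-concatenated query of the shape the lecture's error message reveals, the error probe with a trailing quote, the `test' or '1'='1` bypass that returns every account, and the parameterized query that defeats it. It runs against an in-memory SQLite database; the `accounts` table and its three rows are constructed here and the exact column layout is an assumption.

```python
import sqlite3

# Constructed sample rows standing in for Mutillidae's accounts table
# (assumption: the real table has more columns; these three are enough here).
SAMPLE_ACCOUNTS = [
    ("admin", "adminpass", "g0t r00t?"),
    ("adrian", "somepassword", "Zombie Films Rock!"),
    ("john", "monkey", "I like the smell of confunk"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (username TEXT, password TEXT, mysignature TEXT)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    return conn


def build_vulnerable_query(username, password):
    """Concatenate user input straight into the WHERE clause, as the
    query shown in the application's error message does."""
    return (
        "SELECT * FROM accounts WHERE username='" + username
        + "' AND password='" + password + "'"
    )


def lookup_vulnerable(conn, username, password):
    """Run the concatenated query; a stray quote makes SQLite raise
    sqlite3.OperationalError instead of returning rows."""
    return conn.execute(build_vulnerable_query(username, password)).fetchall()


def probe_for_error(conn, username, password):
    """Error-based detection step from the lecture: return the database
    error text if the input broke the query, or None if it parsed."""
    try:
        lookup_vulnerable(conn, username, password)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


def lookup_parameterized(conn, username, password):
    """Hardened form: bound parameters, so quotes in the input are data,
    never SQL syntax, and the '1'='1' trick matches nothing."""
    return conn.execute(
        "SELECT * FROM accounts WHERE username=? AND password=?",
        (username, password),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("lone quote in both fields:", probe_for_error(db, "'", "'"))
    print("test' in both fields:", probe_for_error(db, "test'", "test'"))
    payload = "test' or '1'='1"
    print("vulnerable query:", len(lookup_vulnerable(db, payload, payload)), "rows")
    print("parameterized query:", len(lookup_parameterized(db, payload, payload)), "rows")
```

Two details match what the lecture shows on screen. A lone quote in both fields produces no error, because the quote that opens the username string is closed by the doubled quotes around `' AND password='`, so the database just sees one odd-looking username and finds zero records; `test'` in both fields leaves an unterminated string at the end and triggers the error that exposes the query. The bypass works without `--` because the trailing quote of the injected `'1'='1` is completed by the quote the query template already supplies after the password.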