1
00:00:00,830 --> 00:00:08,120
OK, now I will perform a sequel injection Attack Online Websites, so I have opened our browser for

2
00:00:08,120 --> 00:00:16,590
this to maintain privacy and let's use Google keywords like in your RL column.

3
00:00:17,300 --> 00:00:24,140
Now, I hope you know the meaning of this in neutral means whatever words I'm typing here in front of

4
00:00:24,140 --> 00:00:24,920
these keywords.

5
00:00:26,030 --> 00:00:27,950
Show me the results there.

6
00:00:27,980 --> 00:00:30,440
These words containing the URL of a website.

7
00:00:30,440 --> 00:00:36,680
For example, if I type admin login BHB OK and hit enter.

8
00:00:37,800 --> 00:00:44,550
Then you will get results only where the you are of our website will contest these three words.

9
00:00:44,590 --> 00:00:53,080
OK, so admin login and BHP, so only show me the login page in BHP, OK.

10
00:00:53,610 --> 00:00:55,960
So this way you will filter out the results.

11
00:00:56,160 --> 00:01:08,460
Now if I add one more keyword like site Callon and then I end OK, I end for India so you can see that

12
00:01:08,460 --> 00:01:14,130
it's showing me the yuan with dot in admin login and BHP.

13
00:01:14,700 --> 00:01:19,500
OK, so all of these words are contained in the search engine results.

14
00:01:19,770 --> 00:01:20,120
Right.

15
00:01:20,890 --> 00:01:29,400
OK, so let's open one more tab and let's try this on, let's say, piqué for Pakistan.

16
00:01:30,490 --> 00:01:40,150
Right, so now we have all of these reserves from dot pecky websites only, OK, for example, if I

17
00:01:40,150 --> 00:01:44,530
open any of these websites, I will get direct access to its login page.

18
00:01:45,150 --> 00:01:51,070
Right now, it doesn't matter whether the website is secure or not is a good indication.

19
00:01:51,070 --> 00:01:53,200
Still works on both of these.

20
00:01:53,420 --> 00:02:01,470
OK, because some of the Web site's owner are not aware of this vulnerability or they don't care about

21
00:02:01,490 --> 00:02:02,580
website security.

22
00:02:02,740 --> 00:02:03,070
Right.

23
00:02:04,120 --> 00:02:12,040
So now I will post the video because I have to open some random websites and to maintain the privacy

24
00:02:12,040 --> 00:02:18,420
of a website and its owner, I even edit this video and hide some of the important information.

25
00:02:19,120 --> 00:02:24,700
I found two different websites which are vulnerable to Estherville injection, OK?

26
00:02:24,880 --> 00:02:29,110
And the important information is hidden just to maintain the privacy.

27
00:02:29,800 --> 00:02:35,200
Now, this is the actual injection which is working on these two websites.

28
00:02:35,230 --> 00:02:42,580
OK, see, it is not mandatory that a single ESKIL injection will work on all of the websites which

29
00:02:42,580 --> 00:02:43,890
are vulnerable to school.

30
00:02:43,930 --> 00:02:47,050
OK, so we have a list of Escott injections here.

31
00:02:47,440 --> 00:02:50,970
I will attach this list with the resources of this lecture.

32
00:02:50,980 --> 00:02:52,720
OK, you can download it from there.

33
00:02:53,680 --> 00:02:59,680
OK, so you have to a single every single SQL injection on both username as well as password fee.

34
00:03:00,280 --> 00:03:06,820
OK, so here is the username and password.

35
00:03:07,450 --> 00:03:07,810
Right.

36
00:03:08,770 --> 00:03:10,440
Simply click on click here.

37
00:03:13,110 --> 00:03:15,540
And this is the.

38
00:03:18,070 --> 00:03:25,040
Admin panel right now, we can do whatever we want because we are now admin here.

39
00:03:25,070 --> 00:03:29,350
OK, you can see here, which is admin dashboard DOT, BHP, right.

40
00:03:29,950 --> 00:03:33,180
So for now, let me close this website.

41
00:03:33,400 --> 00:03:37,360
Remember, never try to log out from a website, OK?

42
00:03:37,360 --> 00:03:39,490
Because that will create logs.

43
00:03:40,570 --> 00:03:40,870
Right.

44
00:03:40,960 --> 00:03:42,240
So disgusting.

45
00:03:42,250 --> 00:03:42,850
The session.

46
00:03:43,780 --> 00:03:45,570
And now here is another website.

47
00:03:45,580 --> 00:03:48,930
So let's try the same injection on this as well.

48
00:03:49,750 --> 00:03:51,520
And if I try to log in.

49
00:03:53,710 --> 00:03:57,740
OK, so it has given me the access and here is the data of this website.

50
00:03:57,790 --> 00:04:03,880
Now I have hidden some of the important information just to maintain the privacy of the website as well

51
00:04:03,880 --> 00:04:04,980
as its customers.

52
00:04:04,990 --> 00:04:05,380
Right.

53
00:04:06,870 --> 00:04:14,750
OK, so this way you can hack a life website using a ESKIL injection now being a responsible person.

54
00:04:15,130 --> 00:04:18,440
Don't try to hack a website without the permission of the owner.

55
00:04:18,980 --> 00:04:19,450
OK.