SQL Injection Tutorial - Union and Blind Attacks in Gin and Juice Shop

CryptoCat via YouTube

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

  1. Intro
  2. Recap
  3. Redeploy live audit scan
  4. Known vulnerabilities endpoint
  5. Review scan results
  6. Recreate the vulnerability SQLi
  7. Useful SQLi resources
  8. Union vs Blind injection
  9. Finding the correct syntax comments
  10. Identify number of columns order by
  11. Determine column datatypes
  12. Enumerate databases union attack
  13. Enumerate tables
  14. Enumerate columns
  15. Extract username and password
  16. Blind SQLi attack
  17. Determine database name length
  18. Extract database name substring
  19. Automate extraction with burp intruder
  20. Issue #2: SQL in base64-encoded JSON cookie
  21. Fail to automate with burp macros / session handling
  22. SQLMap burp extension bApp
  23. Test SQLMap CLI fails to get DB type/version
  24. Conclusion
