YouTube videos curated by Class Central.
Classroom Contents
SQL Injection Tutorial - Union and Blind Attacks in Gin and Juice Shop
- 1 Intro
- 2 Recap
- 3 Redeploy live audit scan
- 4 Known vulnerabilities endpoint
- 5 Review scan results
- 6 Recreate the vulnerability SQLi
- 7 Useful SQLi resources
- 8 Union vs Blind injection
- 9 Finding the correct syntax comments
- 10 Identify number of columns order by
- 11 Determine column datatypes
- 12 Enumerate databases union attack
- 13 Enumerate tables
- 14 Enumerate columns
- 15 Extract username and password
- 16 Blind SQLi attack
- 17 Determine database name length
- 18 Extract database name substring
- 19 Automate extraction with Burp Intruder
- 20 Issue #2: SQL in base64-encoded JSON cookie
- 21 Fail to automate with Burp macros / session handling
- 22 SQLMap Burp extension BApp
- 23 Test SQLMap CLI fails to get DB type/version
- 24 Conclusion