In this video, Tib3rius goes over an interesting and weird SQL injection in a NodeJS MySQL library and explains how it works.
The vulnerable app used can be found here: https://github.com/stypr/vulnerable-nodejs-express-mysql
Further reading on this exploit: https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4
0:00 - Introduction
0:20 - The backstory
7:47 - Setting up the vulnerable NodeJS web app.
10:25 - Messing around with JSON objects to cause SQL injection.
16:03 - Recreating the same attack without a JSON object.
19:23 - Outro