In this video, we cover Lab #6 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION-based SQL injection attack that retrieves the usernames and passwords of the application's users in a single column.
▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
01:15 - Understand the exercise and make notes about what is required to solve it
02:45 - Exploit the lab manually
14:32 - Script the exploit
28:49 - Summary
29:14 - Thank You
▬ Links ▬▬▬▬▬▬▬▬▬▬
SQL injection Lab #5 video (previous video): https://www.youtube.com/watch?v=4sBdD6I7fZI
SQL Injection | Complete Guide (theory video): https://www.youtube.com/watch?v=1nJgupaUPEQ
Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/sql-injection/lab-06/sqli-lab-06.py
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/sql-injection/lab-06/notes.txt
Web Security Academy: https://portswigger.net/web-security
Rana's Twitter account: https://twitter.com/rana__khalil