Union Based SQL Injection Attack For data extraction & Other Injection Flaws/Errors

Let’s talk about how you can SQL injection to retrieve interesting data. The video is detailed more on how the SQL Union attack is carried out to retrieve interesting data. I have got these three process when I’m about to test a website: 📚 Does the website talk to a DB? ✅ Look for a parameter passing(e.g: site.com/page.php?id=4) ✅ If yes - try SQL Injection 📚 Can I or someone else see what I type? ✅ If yes - try XSS 📚 Does the page reference a file? ✅ If yes - try LFI/RFI The video explains further on the points below: ✅ Messing with the GET and POST Request ✅ Telling FoxyProxy to use Burp Suite ✅ Identifying SQL injection parameter passing ✅ Understanding a Basic SQL Injection Attack ✅ Detecting SQL Injection in an Order by Clause ✅ SQL Injection UNION Attack ✅ And lot’s more……….. Time Tags 00:00 Identifying SQL injection parameter passing 00:55 Understanding a Basic SQL Injection Attack 01:28 Detecting SQL Injection in ana Order by Clause 02:40 SQL Injection UNION Attack 04:07 Data Extraction 05:00 What you must DO as a Pentester. Web App 3 Tier Architecture 06:56 "The Error Tells the Story" Injection Flaws 08:17 XML, SPARQL, LDAD Injection 10:29 Final Thoughts 📚 Interesting Infosecaddicts Blogpost: ✅ Click Here: https://infosecaddicts.com/pentestbox-a-great-set-of-tools-to-start-tests/ ✅ Click Here: https://infosecaddicts.com/free-advanced-network-pen-testing-webinar/ ✅ Click Here for other posts: https://infosecaddicts.com/ 📚 Join Our Free 21 Day hack-a-thon 📚 ✅ Register Here: https://infosecaddicts.com/free-21-day-hack-a-thon/ 📚Some Courses you may be interested in📚 ✅ Defensive Cyber ✔ Malware Analysis [https://mailchi.mp/infosecaddicts/malware-analysis] ✔ Incident Response ✔ Reverse Engineering [https://mailchi.mp/infosecaddicts/reverse-engineering] ✅ Offensive Cyber ✔ Network Penetration Tester [https://mailchi.mp/infosecaddicts/network-penetration-tester] ✔ Web App Penetration Tester [https://mailchi.mp/infosecaddicts/web-app-penetration-tester] ✔ Red Team professional 📚 Joe has some free challenges available if you're interested in joining in you can contact us using this link https://infosecaddicts.com/contact-us/ 📚 You can also sign up for a customized plan https://infosecaddicts.com/customized-program/ if you need help/guidance in your career or in learning something new. 📚 If you would like to learn more about our mentorship program you can sign up here https://mailchi.mp/infosecaddicts/mentorship 🌐 SOCIAL NETWORKS ☑️Like "InfosecAddicts" on Facebook HERE: http://bit.ly/2WQCK9a ☑️Follow InfosecAddicts on Twitter HERE: http://bit.ly/2JbIsxJ 💼 Connect with us on LinkedIn http://bit.ly/LinkedIn_InfosecAddicts ---------------------------------------------------------------------------------------- ✅ This content is for educational purposes only. InfosecAddicts focuses on training and preparing professionals and enthusiasts, to perform Ethical Hacking, penetration testing tasks focusing on prevention and security, and developing the advancement and discussion of the Cybersecurity Field 🔲 TRADEMARK LEGAL NOTICE: All product names, logos, videos, and brands are the property of their respective owners in the United States and/or other countries. All company, product and service names used in this video are for identification purposes only. The use of these names, logos, and brands does not imply endorsement. #SQLinjection #CodeInjection #SQLiBasics