Web Penetration Testing #11 - SQLMAP - SQL Injection Basics Explained
00:00 || 00:40 🎬 Introduction
 - Brief overview of the video content
 - Importance of identifying and exploiting GET request vulnerabilities
00:48 || 01:40 🔄 GET Request Vulnerability
 - Demonstration of a vulnerable GET request at http://testphp.vulnweb.com/listproducts.php?artists=*
01:40 || 02:15 ℹ️ sqlmap --help
 - Introduction to sqlmap and its basic usage
 - Command: sqlmap --help
02:15 || 03:45 🔎 Find Database Type
 - Using sqlmap to find the database type
 - Command: sqlmap --url http://testphp.vulnweb.com/listproducts.php?artist=1 --dbs --current-db
03:45 || 04:20 🔎 Find Current Database
 - Using sqlmap to find the current database
 - Relevant commands explained
04:20 || 06:20 🔥 Advanced -v 6
 - Demonstrating advanced usage with increased verbosity
 - Command: sqlmap --url http://testphp.vulnweb.com/listproducts.php?artists=* --all --verbose 6
06:20 || 07:30 👤 Getting User
 - Using sqlmap to retrieve user information
 - Command and explanation
07:30 || 08:30 ⚔️ Getting Tables
 - Using sqlmap to enumerate tables in the database
 - Relevant commands demonstrated
08:05 || 08:30 ⚔️ Getting Columns
 - Expanding the enumeration to retrieve column information
 - Command: sqlmap --url http://testphp.vulnweb.com/listproducts.php?artists=1 --tables --columns
08:30 || 10:00 💉 SQL Injection Dump
 - Executing SQL injection dump for specific data
 - Command examples and explanation
10:00 || 10:50 📋 Logs
 - Checking and reviewing logs for additional information
 - Command: cat /root/.local/share/sqlmap/output/testphp.vulnweb.com/log
10:50 || 11:05 🔄 Recap
 - Brief recap of the key steps covered in the video
 - Emphasis on ethical use of penetration testing tools
11:05 || 11:24 🚪 Outro
 - Closing remarks and encouragement for ethical hacking
 - References to cheat sheets and documentation

References:
1. SQL Injection - Cheat Sheet: https://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
2. XML Functions - MySQL: https://dev.mysql.com/doc/refman/8.0/en/xml-functions.html#function_extractvalue
3. SQL Injection - Cheat Sheet: https://perspectiverisk.com/mysql-sql-injection-practical-cheat-sheet/
4. Test SQLMap - GeeksForGeeks: https://www.geeksforgeeks.org/use-sqlmap-test-website-sql-injection-vulnerability/
5. SQLMap Usage: https://github.com/sqlmapproject/sqlmap/wiki/Usage
6. Hack Tricks - SQLMap: https://book.hacktricks.xyz/pentesting-web/sql