From the course: Ethical Hacking: SQL Injection
Navigating a complex injection
- [Instructor] I'm connected to the Hack The Box testing lab, and we'll do a scan of the server on 10.10.10.31. This is the Charon server, and if you want to feel a hands-on with this, you'll need to be in the Hack The Box lab. Connecting to the site shows what looks like a food-focused website, with a blog. There are no particular areas of interest on the site, but when we carry out our reconnaissance, we find there are a number of additional pages including the CMS data login page. Let's go and take a look at that, /cmsdata/login.php. We've got a login page here. I won't go through the whole process. But it turns out that this page isn't susceptible to SQL injection. Next, we'll go to the forgot password page. Okay, now we can start to test the page. First, let's see what it does with a random email, a@b.com. Okay. That gives an email not found, which we'd expect. Now let's try something we know will have an error,…
Contents
- Inferring TRUE when blind (2m 47s)
- Using prepared SQL queries (2m 24s)
- Getting our first sqlmap injection (5m 35s)
- Sanitizing input to SQL (3m 1s)
- Inserting an SQL injection via Burp Suite (1m 5s)
- Following up with a second injection (6m 31s)
- Defeating the WAF (5m)
- Navigating a complex injection (11m 21s)
- Using request messages to inject SQL (5m 24s)
- Checking out SQLI Labs (5m 53s)