Description: The second part of the series on SQLi-LABS. The first part can be accessed at this location: http://www.youtube.com/watch?v=NJ9AA1_t1Ic
This video covers SQLi detection for error-based injection, with emphasis on fuzzing and enumeration. The test bed can be downloaded from http://github.com/Audi-1/sqli-labs
Tags: sqli, learn SQLi, SQLi, sql injection, error based, sqli-labs
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
thanks for all the hard work! very well done. please keep them coming!
thanks for all the hard work! very well done. please keep them coming!
thanks for all the hard work! very well done. please keep them coming!
whoops. i should have only clicked once
It has become a hobby to watch and practice and do the homework...enjoying it a lot...keep up the good work.
Super like it.... Gr8 post...Bro Keep it up
Awesome work bro... I had a scare of sql injection even though I love it. Lots of confusion always... Now your video series is helping me to come out. Thanks once again for your wonderful work.
The best sql injection tutorial/demo ever. I never understood the whole concept of adding a ' after id=1'
but it now makes sense.
AWESOME + THANKS
you r the most coolest teacher ever,,, i haven't found something so amazing on the net so far :D
awesome work,,, keep it up :)
awesome work man :D
enjoyin it a lot :D
a doubt
http://localhost/sqli-labs/Less-1/?id=1\ >>> gives an error cause "\" escapes the right side
then http://localhost/sqli-labs/Less-1/?id=1\--+ fixed d error, how???
if "\" escapes the right side then it becomes http://localhost/sqli-labs/Less-1/?id=1\-+ where "-+" doesn't make any sense :/
didn't understand dis part, can u help pls :)
@Dustin,
The escape character escapes the very next character after it. When you injected id=1\ then, as you mentioned, the right side quote gets escaped; it would be something like this: '1\'. Now when you inject 1\--+ the escape character is trying to escape a - and not a quote, therefore you do not escape the string boundary but have only entered a piece of string '1\--+'. The quotes are not getting escaped, so you are not getting any error.
Hope it makes sense. In case you have any doubt, you can find me on IRC: freenode, in channels #offtopicsec and #offsec.
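
The behaviour explained in the reply above, as an added example (not part of the original comments or of the lab's code): a simplified scanner for MySQL single-quoted literals, run on the two inputs from the question. The query template and the names `scan` and `analyse` are assumptions made for illustration.

```python
from urllib.parse import unquote_plus

# Assumed shape of the lab's query; the thread does not show it.
TEMPLATE = "SELECT * FROM users WHERE id='{id}' LIMIT 0,1"

def scan(sql):
    """Walk the SQL the way MySQL reads single-quoted strings when
    backslash escapes are enabled (the default sql_mode).
    Returns (literals, unterminated)."""
    literals, buf, in_str, i = [], [], False, 0
    while i < len(sql):
        c = sql[i]
        if not in_str:
            # "#" or "-- " starts a comment only OUTSIDE a string
            if c == "#" or (sql.startswith("--", i) and sql[i + 2:i + 3].isspace()):
                break
            if c == "'":
                in_str, buf = True, []
        elif c == "\\" and i + 1 < len(sql):
            # Backslash consumes the next character, whatever it is.
            # Simplified: sequences such as \n are not translated here.
            buf.append(sql[i + 1])
            i += 1
        elif c == "'":
            if sql[i + 1:i + 2] == "'":      # '' is a quote inside the string
                buf.append("'")
                i += 1
            else:                            # unescaped quote closes the string
                in_str = False
                literals.append("".join(buf))
        else:
            buf.append(c)
        i += 1
    return literals, in_str

def analyse(raw_param):
    """URL-decode the id parameter ('+' becomes a space), place it in the
    concatenated query and report how the string boundary is read."""
    return scan(TEMPLATE.format(id=unquote_plus(raw_param)))

if __name__ == "__main__":
    for raw in ("1", "1\\", "1\\--+"):       # inputs taken from the question
        literals, unterminated = analyse(raw)
        state = "UNTERMINATED string -> syntax error" if unterminated else "balanced"
        print(f"id={raw!r:10} literals={literals!r:12} {state}")
```

For `1\` the backslash swallows the closing quote and the string never ends; for `1\--+` it swallows a `-`, the closing quote still terminates the string, and the `-- ` sits inside the literal rather than acting as a comment. A bound parameter in a prepared statement is never read by this lexer at all, which is why it removes the ambiguity.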