Description: Download and sync the new lab modules from the test bed link given below.
Part 21 of the Sqli-labs series, covering error-based SQL injections, blind boolean-based injections and time-based injections. This video covers extending the test bed and deploying JSP files on Tomcat, which serve as the WAF for the testing.
BLOG: HTTP://DUMMY2DUMMIES.BLOGSPOT.COM
Links for the Downloads used in the video:
1. JDBC mysql Connector: http://www.mysql.com/downloads/connector/j/
2. TOMCAT 7 download : http://tomcat.apache.org/download-70.cgi
3. JAVA jdk download : http://www.oracle.com/technetwork/java/javase/downloads/jdk7u9-downloads-1859576.html
Link to part 1: http://www.securitytube.net/video/4171
Link to part 2: http://www.securitytube.net/video/4200
Link to part 3: http://www.securitytube.net/video/4208
Link to part 4: http://www.securitytube.net/video/4210
Link to part 5: http://www.securitytube.net/video/4269
Link to part 6: http://www.securitytube.net/video/4283
Link to part 7: http://www.securitytube.net/video/4303
Link to part 8: http://www.securitytube.net/video/4326
Link to part 9: http://www.securitytube.net/video/4399
Link to part 10: http://www.securitytube.net/video/4532
Link to part 11: http://www.securitytube.net/video/4650
Link to part 12: http://www.securitytube.net/video/4667
Link to part 13: http://www.securitytube.net/video/4672
Link to part 14: http://www.securitytube.net/video/4672
Link to part 15: http://www.securitytube.net/video/5104
Link to part 16: http://www.securitytube.net/video/5562
Link to part 17: http://www.securitytube.net/video/6035
Link to part 18: http://www.securitytube.net/video/6176
Link to part 19: http://www.securitytube.net/video/6192
Link to part 20: http://www.securitytube.net/video/6318
Link for test bed: https://github.com/Audi-1/sqli-labs
Tags: sqli, SQLi, Sqli-Labs, sqli-labs walkthrough, SQL injections, sqli-labs, learn SQLi, learn sql injections, outfile, dumpfile, load_file, post sqli, sqli in POST, double query injection, update query injection, sqli in insert query, sqli in header, header based sqli, cookie injection, sqli in cookie, second order sqli, second order injection, Audi-1, waf bypass, impedance mismatch, bypass addslashes(), sqlinjection encoding attack
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
AUDI1!!! Welcome back!! How are things going, mate? I will watch this as soon as I can. Thanks for keeping this series going! There are some more WAF bypassing techniques that I hear are going around. I'll find the video. I just couldn't hear what was being said or see it to make sense. One sec, let me get the answer... http://www.securitytube.net/video/7388
Cheers mate!
Welcome back... awesome series. Very good tutorials for beginners. If you make a tutorial on XPath injection & remote code execution by uploading a meterpreter/other shell using the INTO_OUTFILE and LOAD_FILE commands, it will be really great and cool...
@ApertureSecurity
Thanks mate, life is returning to normal after a burglary at my home early this year.
Experiments with some real WAFs could make nice demo videos, but they are difficult to add to the test bed and a real challenge to emulate. My thought is to bring across all available techniques and explain the core logic of why each happens within this series, so a user can follow along, experiment in their own controlled environment and take it further.
I will try my best to see what can be added to the series. Thanks a ton for the pointers; I would like to keep them coming. Stay tuned for more videos ahead.
@N30,
Thanks mate, those would definitely become part of the series at a later stage... For now I am focusing on adding stuff on filter bypass, then secondary-channel extraction using DNS or SMB, and then something on writing files to the file system, or reading and executing commands etc. using the backend database.
@ApertureSecurity
Good to see my video being used as pointers.
I am sorry about the clarity of the video. If you want the slides, just ping me :)
I am also planning to do a series on firewall evasions in SQLi after my exams.
@hackforcause,
Thanks for the offer. I am currently focused on MySQL and the techniques associated with it. Later I plan to move to MSSQL, Oracle and Postgres. As stated above, the biggest challenge I face is to bring forth the underlying logic involved in injections in a repeatable way, which can be tested and emulated on the test bed provided. The second challenge is to ensure all dhakkans like me get to understand the logic. I am open to all sorts of ideas, so if anyone wants to see something, they can send me a message at auditor.sec[at]gmail.com
Nice tuto!
Thanks For the Share.
@Audi, curious about that stuff. From Part 1 till now I have got a very clear idea of SQLi....
In some of your videos you have described bypassing a WAF (restricting OR & AND) by changing them to || and &&, but I am facing some problems when I build a query (.....from information_schema.....) because it contains OR in the word information...
So here I thought for a couple of minutes and found that if I put an extra o & r maybe I can bypass it. Then I rebuilt the query using the word infoorrmation instead of information and I was able to bypass it successfully. Using this technique I can also bypass the word OR (oorr instead of or), and this is also applicable for UNION SELECT.
Here I have a question: is this technique also applicable in real-life pen testing?? Because I personally have not seen any type of tutorial for WAF bypassing using this technique.....
@N30
Yes, you can bypass it like that, and you would find these issues in real-world situations.
There are numerous ways to reach the goal; when you start to discover things, it means you are following the right path.
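The filter behaviour N30 describes and Audi confirms above (a keyword blacklist that is applied in one pass, so "infoorrmation" collapses to "information" and "oorr" to "or") can be reproduced with a few lines. The following is an added example written for this page, not code from the sqli-labs test bed or the JSP WAF in the video; the blacklist, its order and the payloads are constructed for the demo. It shows the naive single-pass filter, the nested-keyword bypass, and two hardened variants (strip to a fixpoint, or reject outright).

```python
"""Toy single-pass keyword-stripping WAF, written for this page as an added
example (it is not code from the sqli-labs test bed). It models the filter
behaviour N30 ran into: a blacklist that deletes OR / AND / UNION / SELECT in
one pass mangles legitimate words such as "information" and is defeated by
nesting a keyword inside itself ("infoorrmation" -> "information"). The
blacklist and the payloads below are constructed for the demo.
"""
import re

# Constructed blacklist; order matters for a single-pass filter.
BLACKLIST = ("union", "select", "or", "and")


def strip_once(payload: str) -> str:
    """Naive filter: delete every occurrence of each keyword exactly once, case-insensitively."""
    for word in BLACKLIST:
        payload = re.sub(re.escape(word), "", payload, flags=re.IGNORECASE)
    return payload


def strip_to_fixpoint(payload: str) -> str:
    """Hardened filter: repeat the stripping pass until the text stops changing,
    so a keyword rebuilt by a previous pass is removed too."""
    while True:
        stripped = strip_once(payload)
        if stripped == payload:
            return stripped
        payload = stripped


def is_blocked(payload: str) -> bool:
    """Stricter policy: reject instead of rewrite. True when any pass would change
    the text, i.e. a blacklisted keyword is present at some nesting depth."""
    return strip_to_fixpoint(payload) != payload


if __name__ == "__main__":
    # Constructed payloads: the nested-keyword bypass and the plain ||-for-OR form.
    nested = "1' || 1=1 uniunionon seselectlect table_name from infoorrmation_schema.tables #"
    print("single pass :", strip_once(nested))
    print("fixpoint    :", strip_to_fixpoint(nested))
    print("blocked?    :", is_blocked(nested), is_blocked("1' || 1=1 #"))
```

Two things worth noticing when you run it: the single-pass filter turns the legitimate `information_schema` into `infmation_schema` (exactly the breakage N30 hit), and the fixpoint variant still lets `1' || 1=1 #` straight through because the blacklist has nothing to match. Keyword stripping is a heuristic that is both too strict and too weak; the durable fix on the application side is parameterised queries, with the WAF as defence in depth.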
@hackforacause
Yes, I'd like the slides if a clearer video is not possible :)
How would you prefer giving the info?
Let me know how you can transfer the info.
Looks like I am not the only one with exams... :) Good luck!
@ Audi
Sorry 'bout the mess, mate, I was just trying to give some ideas to add to your stuff. You have, I think, the best SQLi labs on the net and you possess a gift for explaining things very well.
Also, just out of curiosity, lesson 20 cookie-based injections: is it possible to SQL inject that one, bypassing the filters, w/o cookie injection?
@ApertureSecurity,
It could be. I did not try it, but as the server accepts multibyte characters (for the new lessons) and by default the MBSTRING directives are not used, PHP functions evaluate strings as ASCII, causing the vulnerability. Though using a multibyte injection should throw an error about charset mismatch from the server, there is a possibility which can be looked into, as the same backend is being used for all labs.
And no need to say sorry for the mess; I really appreciate your feedback and pointers, which could improve the labs further.
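The mechanism Audi sketches above (PHP escaping a string byte by byte while the database decodes the connection as a multibyte charset; the "bypass addslashes()" and "impedance mismatch" items in the tags) is easiest to see with the bytes in front of you. The block below is an added example written for this page, not code from the sqli-labs test bed. It assumes the connection charset is GBK, the classic case for this bug; the page does not state which charset the labs use. The payload bytes are constructed for the demo. It also shows the charset-aware escaping that raises the "charset mismatch" style error Audi mentions instead of producing a live quote.

```python
"""Added example for the multibyte / addslashes() point above; it is not code
from the sqli-labs test bed. It models escaping done byte-by-byte (PHP
addslashes() with no mbstring awareness) while the database decodes the
connection as a multibyte charset. Assumption: the connection charset is GBK,
the classic case for this bug; the lab's real charset is not stated on this
page. The payload bytes are constructed for the demo.
"""


def addslashes(data: bytes) -> bytes:
    """Byte-level model of PHP addslashes(): put a backslash before ' " \\ and NUL."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def quote_is_live(escaped: bytes, charset: str) -> bool:
    """Decode the escaped bytes the way the database would for this connection
    charset and report whether an unescaped single quote survives."""
    text = escaped.decode(charset)
    for i, ch in enumerate(text):
        if ch != "'":
            continue
        # An odd run of backslashes right before the quote means it is escaped.
        run = 0
        j = i - 1
        while j >= 0 and text[j] == "\\":
            run += 1
            j -= 1
        if run % 2 == 0:
            return True
    return False


def build_query(user_input: bytes, charset: str) -> str:
    """Vulnerable pattern: addslashes() the raw bytes, then splice into SQL."""
    return "SELECT * FROM users WHERE name='" + addslashes(user_input).decode(charset) + "'"


def safe_escape(user_input: bytes, charset: str):
    """Charset-aware escaping (what a connection-aware escaper does): decode with
    the connection charset first, so a lone lead byte such as 0xBF followed by
    0x27 is an invalid sequence and is rejected (returns None) instead of
    being escaped into a valid multibyte character plus a live quote."""
    try:
        text = user_input.decode(charset)
    except UnicodeDecodeError:
        return None
    text = (text.replace("\\", "\\\\").replace("'", "\\'")
                .replace('"', '\\"').replace("\x00", "\\0"))
    return text.encode(charset)


if __name__ == "__main__":
    payload = b"\xbf' OR 1=1 -- "        # constructed: GBK lead byte, then a quote
    for cs in ("latin-1", "gbk"):
        print(cs, "->", build_query(payload, cs), "| live quote:", quote_is_live(addslashes(payload), cs))
    print("charset-aware escape:", safe_escape(payload, "gbk"))
```

Under a single-byte charset the escaped bytes read `¿\'` and the quote stays inside the string literal. Under GBK the bytes `BF 5C` form one valid two-byte character, the backslash is swallowed by it, and the following `'` closes the literal, so `OR 1=1` executes. The charset-aware path refuses the input because `BF 27` is not a valid GBK sequence, which is the error Audi expects the server to raise; setting the connection charset consistently and using parameterised queries removes the mismatch entirely.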
Very simple and clear explanation by you, Audi. It feels really good to see your new video available now.