Description: This video is all about Web Application hacking and you will learn how to upload a shell using SQL Injection.
Tags: hacking , hack , sqli , web-application ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Superb! I have wondered it seems to me that in SQL injection that if you can't inject a single or double quote. whether that be in a %27 or using UTF-16 - 32 That an injection is unlikely to occur because you need to some how separate what the db is requesting and the injection. Do you know of a list or a place I can read on certain bypasses for this? Or can you expound to me more on this.
Thanks
Cheers!
@ApertureSecurity if the injectable parameter is integer type then you do not need any quotes for injection. in that case you inject directly. Reference: SQLI-LABS Less-2
Yes, you're right. now that I think of it... I am not certain how I made this mistake in my mind.
Good to see you Audi! How are you doing?Any chance that we get to see more of your series or are they not all on SecurityTube?
I found a PDF kind of interesting. its in Russian, I think it makes sense in English but I have been told that it doesn't , so I am planning on translating it for us all. What I would like is, (if you have time)your input do you think any of the examples given are useful in the PDF below?
Let me know mate
Cheers!
http://www.ptsecurity.ru/download/PT-devteev-CC-WAF.pdf
is this possible with all site, i think this is possible only if the current user is root, please advise