Great walk-through! Like the clear voice you use and easy to digest speaking.
I very much enjoy this video, keep up content like this. I have seen lots of other people who do how-to rooms for THM, but you don't only focus on flags but also on going through the whole content in this room. As you might have guessed from my writing, I am not speaking English as a mother tongue, so it is harder for me to read in English than to listen to it. Great video!!!
Here at Brock Hard we teach the WHOLE lesson, not just the answers! It's totally up to YOU how you want to tackle this series! 😉
Keep going man, even though it doesn’t seem to pay off now, it will someday
Great Video man. Keep it up.
Thank you, your video helped!) I didn’t understand some moments)
I don't understand some moments! 😂
Is using sqlmap for these types of SQL injection better?
What I don't get is that you say at 35.39 that there are only two columns. But if we have id username password, isn't that 3 columns?
The task also says that there are two columns. There must be an answer to this but I can't work out what. In the previous task they say that there is id, username and password and they say the table has 3 columns. Totally confused.
It's wrong to say there are only two columns. In fact, there are three columns in the USERS table as you rightly pointed out: id, username, and password. Now getting to the next point, even though the USERS table has three columns, you can still use fewer columns (like SLEEP(5), 2) in time-based SQL injection to trigger the delay, because the key is just ensuring that the injection is valid. If it works without matching all the columns, it’s still successful. If matching all columns becomes necessary, you would use three placeholders, such as SLEEP(5), 2, 3. Hope this helps!
What actually is "SELECT 1,2,3"?
In-band SQLi 15:40
default we have
article?id=1 - which in sql looks like - select * from article where id = 1
answer = article 1
1. First off, we start by adding ' so we can produce an error that informs you of the SQLi's existence
article?id=1' ------ which in sql looks like ------ select * from article where id = 1'
answer = error
so now we're trying to exploit it
article?id=1 UNION SELECT 1 ------ which in sql looks like ------ select * from article where id = 1 UNION SELECT 1
which means select (article?id=1) article with id 1 UNION SELECT 1 (it's kinda like an AND operator, but only for SELECT)
so now it's select article with id 1 and select 1, and we're getting an error here
"SQLSTATE[21000]: Cardinality violation: 1222 The used SELECT statements have a different number of columns"
which tells us number of columns is just different so we're going further and adding second one
article?id=1 UNION SELECT 1, 2 - again same error
article?id=1 UNION SELECT 1, 2, 3 - we displayed article 1 which means there is no error that could occur here so FIRST ARGUMENT article?id=1 AND SECOND ARGUMENT 1, 2, 3 HAS TO BE TRUE
BLIND SQLi 25:30
again we're establishing the number of columns in the user table
admin123' (this statement is true) so we're fighting with second one till we get "TRUE"
UNION operator is used to combine the result-set of two or more SELECT statements
1,2,3 are columns in table
like
admin123' UNION SELECT 1;-- is prompting false because there must be a different number of columns (I'm not sure if it could be 0), but we can assume if the table exists it's more than 1
admin123' UNION SELECT 1, 2;-- again it's prompting false because it's not the right number of columns in the users table
admin123' UNION SELECT 1, 2, 3;-- prompts true because we have 3 columns in the users table
password like ='...' - what a terrible method, imagine if admin used 10 alphanumeric. You will be there all year trying to crack it.
You're speaking way too fast man, I couldn't get anything :/
skill issue
No offense, but you spoke too fast. Didn't get anything and I have been struggling with this