Portswigger Web Academy - Visible Error-based SQL Injection - Lab Walkthrough
Tib3rius

Published on Jul 23, 2023

In this video, Tib3rius completes the Visible Error-based SQL Injection lab from Portswigger Web Academy.

The lab completed was: https://portswigger.net/web-security/...

Portion of my other video explaining how to identify database variants: Hacker101 CTF - Photo Gallery (Medium...

0:00 - Introduction
0:20 - Starting Lab: Visible error-based SQL injection
2:04 - Identifying the SQL injection in the cookie.
2:09 - Explaining how to identify database variants using concatenation.
4:45 - Explaining the concept of exploiting error-based SQL injection.
9:17 - Extracting the database version number via the error message.
10:42 - Attempting to extract the password from the users table, running into truncation issues.
11:49 - Defeating the truncation using shorthand casting syntax, removing the cookie value, and concatenating everything.
13:01 - Extracting the passwords from the table, solving the lab.
15:03 - Outro

Twitter: / 0xtib3rius
Twitch: / 0xtib3rius
Courses: https://courses.tib3rius.com
Udemy: https://www.udemy.com/user/tib3rius/
Discord: / discord
Threads: https://www.threads.net/@0xtib3rius
LinkedIn: / tib3rius
Facebook: / 0xtib3rius
InfoSec Exchange: https://infosec.exchange/@tib3rius
Bluesky: https://bsky.app/profile/tib3rius.bsk...
