Published On Jul 23, 2023
In this video, Tib3rius completes the Visible Error-based SQL Injection lab from PortSwigger Web Academy.
The lab completed was: https://portswigger.net/web-security/...
Portion of my other video explaining how to identify database variants: Hacker101 CTF - Photo Gallery (Medium...
0:00 - Introduction
0:20 - Starting Lab: Visible error-based SQL injection
2:04 - Identifying the SQL injection in the cookie.
2:09 - Explaining how to identify database variants using concatenation.
4:45 - Explaining the concept of exploiting error-based SQL injection.
9:17 - Extracting the database version number via the error message.
10:42 - Attempting to extract the password from the users table, running into truncation issues.
11:49 - Defeating the truncation using shorthand casting syntax, removing the cookie value, and concatenating everything.
13:01 - Extracting the passwords from the table, solving the lab.
15:03 - Outro