
Interactive SQL Injection 

John Hammond

Try the Interactive SQL Injection hub on Hacking Hub! jh.live/hackin...

Published: 16 Sep 2024

Comments: 66
@robbertvriens4351 19 days ago
It’s a common misconception that you will get the first record when adding LIMIT 1 to a SELECT statement. You will get 1 record, but unless you specify the ORDER BY, it’s up to the database to provide you with any record.
@carius989 16 days ago
Yeah, recently had that at work. Postgres for example orders by an internal row named "ctid" by default. That's the location of the row within the table. I initially thought the ctid would only change when a row is updated. My use case was to store data from the last x days in the table and never update rows, but just add new ones and delete old ones with a cron trigger. I then discovered that ctid can change, even if the rows are not updated. Postgres sometimes automatically runs a "vacuum" (cleanup) that frees up space after rows are deleted. That can change the ctids of the existing rows even though they are not updated. I then added a real index number to sort the rows for each day.
@bluesquare23 14 days ago
Good to know!
@watermelonpiebread 19 days ago
The reason it always expects you to use id='0' or just '' is because you have to remove the original query's output to make your added result the first row. In a real-world situation, only the first row is returned as the article content on the web page. Subsequent rows are ignored. So they made that form look like a browser window.
@jonmayer 19 days ago
Yes, I'm surprised he didn't get this to explain it better. Showing the actual query results was hindering him from teaching the lesson actually.
@CoastalCult 19 days ago
Just being very blunt and honest here. US $80 for a single module is quite an ask.
@BuildHackSecure 19 days ago
Nooo, that’s for the whole course which includes the SQLi module, and there’s a 50% discount.
@cinderwolf32 10 days ago
If anyone is learning SQL from this please note that from a developer perspective, at least with MySQL, LIMIT 1 OFFSET 1 is the proper way to perform pagination since it's far more expressive than LIMIT 1,1
@Divino_1 8 days ago
far less
@ai-spacedestructor 19 days ago
Don't know about the guys mentioned but I would personally find it funny if randomly after multiple years of career an expert would tweet that they just finished the beginners course.
@DavidAlvesWeb 19 days ago
What's wrong with that? Shouldn't we revisit the fundamentals every once in a while? It's always nice to get a refresher on fundamental concepts!
@ai-spacedestructor 19 days ago
@DavidAlvesWeb I didn't say that, funny doesn't mean bad. Funny means funny, if you have trouble with the definition I suggest going to elementary school before using RU-vid.
@Aba-abdelmasih 19 days ago
@ai-spacedestructor Lmfao
@bakurathewerewolf8121 19 days ago
I just started watching your videos a couple weeks ago and it's really making me want to learn how to code or program but I feel dumb XD but want to learn
@nordgaren2358 19 days ago
Don't feel dumb. Just get started. It just takes time to learn, but you can do it! I promise!
@ASI_SOLUTION 19 days ago
I have tried to do so many courses but I haven't completed, let's see from start
@shaikhwaqas-m3l 19 days ago
we need merchs !! :D
@DavidRomigJr 19 days ago
As another poster pointed out, you kept getting answers occasionally wrong because you would return article data in those attempts in the first row. The faux web page was only showing the first row, so you were not showing any secret data at all. To remove the article data being returned you need to set id to a non-match, such as 0 or empty string, anything but 1 in this case.
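The first-row behaviour described in the comments by @watermelonpiebread and @DavidRomigJr, as an added example that is not code from the video or the lab. It uses an in-memory SQLite database with constructed tables and values (the table, column and function names are assumptions), and puts the string-concatenated lookup beside a parameterized one.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema names are assumptions, not the lab's.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO articles VALUES (1, 'Welcome', 'First post');
        INSERT INTO users VALUES (1, 'admin', 'constructed-secret');
    """)
    return db

def render_vulnerable(db, article_id):
    # The request value is concatenated into the SQL text, so it can change
    # the structure of the query. Only the first row is rendered, as on the
    # faux web page the comments describe.
    sql = "SELECT title, body FROM articles WHERE id = '" + article_id + "'"
    return db.execute(sql).fetchone()

def render_parameterized(db, article_id):
    # The value is bound as data; quotes and keywords inside it are never
    # parsed as SQL, so it can only ever be compared against the id column.
    sql = "SELECT title, body FROM articles WHERE id = ?"
    return db.execute(sql, (article_id,)).fetchone()

def demo():
    db = make_db()
    tail = "' UNION ALL SELECT username, password FROM users WHERE '1'='1"
    return {
        # Ordinary request: the article is shown.
        "normal": render_vulnerable(db, "1"),
        # id matches: SQLite emits the article row first here, so the page
        # still shows the article (SQL itself promises no order without
        # ORDER BY).
        "match_then_union": render_vulnerable(db, "1" + tail),
        # id matches nothing: the appended row is the only row, so it is shown.
        "no_match_then_union": render_vulnerable(db, "0" + tail),
        "param_normal": render_parameterized(db, "1"),
        # Same input through a bound parameter: no article has that id.
        "param_injected": render_parameterized(db, "0" + tail),
    }

if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:22} {row}")
```
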
@N1ckdgr8 19 days ago
Hey @John Hammond, I remember there was a CTF making competition where we can submit our challenges and they will be reviewed and awarded later. I created one challenge and submitted but never heard back?? I'm curious what happened?
@mprokop6 19 days ago
quite a steep price, when compared to THM
@beck2424 19 days ago
You have a typo on the instructions of part 7 - "in descening order", missing the "d" in "descending"
@tatubr2 19 days ago
Nice!
@sad_man_no_talent 19 days ago
OHH John Hammond I never thought u didn't know password is first encrypted and then saved to the database
@nordgaren2358 19 days ago
Depends on the implementation?
@sad_man_no_talent 19 days ago
@nordgaren2358 I mean it's best practice though, it's even in the OWASP
@AyaanAhmado 19 days ago
I missed this kind of content keep it up Hammond this is refreshing to watch🎉
@shaikhwaqas-m3l 19 days ago
John my favorite cyber security person, you the GOAT
@AfarTech 19 days ago
Nice bro
@nathancoats6432 19 days ago
You guys are GANGSTA!
@JackBright4908 19 days ago
I got 2 questions: how much does it cost to make it from start to finish? Does it teach from total noob to certified expert?
@fsbgaming1588 19 days ago
Does OWASP and ASVS help as std? Or is there any better way?
@ChristophHellmann 19 days ago
Will prepared statements protect from this?
@danielmuthama7288 19 days ago
Please take us through the last test in another video please
@kikkerpoesGD 19 days ago
At 2:03 the leaderboard icon is the same as the logo of gemairo
@Gli7chSec 19 days ago
Nice
@iblackfeathers 19 days ago
2:08 in that video shot I thought it was a man with a loud print shirt sitting in front of a table. Then I later realised there is a laptop right there. 😂 The print in the laptop almost makes it camouflaged... that would be funny to make laptop skins that match tshirts you are wearing and coordinate your outfit with your laptop.
@BuildHackSecure 19 days ago
Hahaha, that’s me, I never noticed until now that it does blend in a little too much haha😂
@notavoicechanger1808 19 days ago
24:24, any Missouri government work..
@januzi2 19 days ago
Is it possible to ban unions? That would solve some problems.
@DavidRomigJr 19 days ago
Careful looking up Little Bobby Table’s user info by name. ;)
@ethio_viral_tiktok 19 days ago
@JonasRexFrelsøy 19 days ago
We need merch
@Bleppacus 19 days ago
Just sproc all the things.
@ricardoruiz3986 19 days ago
Can I help with this UI, it needs help lol
@DJPalsyP 19 days ago
Seeing no backticks is testing my OCD 😏🤪
@JonasRexFrelsøy 19 days ago
We need merch😊
@cristianfernandez1032 19 days ago
My brother what is that UI 😢
@qis2999 19 days ago
HELLO "FRIEND" !! 🤣🤣🤣🤣
@Karl2Peter 18 days ago
"new"?
@JonasRexFrelsøy 19 days ago
Bro I love it❤
@mrp6k490 19 days ago
That AI generated image as the thumbnail looks terrible.
@chemicalvideobee2993 19 days ago
Is it terrible because it’s AI or terrible because it’s terrible
@mrp6k490 19 days ago
@chemicalvideobee2993 terrible because it's terrible mostly. Could be biased tho
@fluffsquirrel 19 days ago
I think he fixed it, it's just code now
@DetectiveNoir_ 19 days ago
@mrp6k490 poor John took your comment personally and replaced the thumbnail with SQL queries 😭
@mrp6k490 19 days ago
@DetectiveNoir_ hey, only super honest feedback over here ;)
@RandomytchannelGD 19 days ago
Hi
@fbfnysnshnsgnwgGD 19 days ago
enroll is spelt wrong at 1:53. it is spelt enrol
@CoastalCult 19 days ago
Both are acceptable spelling
@BuildHackSecure 19 days ago
In the U.K. it’s usually enrol, we fought about this one haha😂
@ibox361 19 days ago
First
@carsonjamesiv2512 19 days ago
😃👍
@fadiallo1 19 days ago
SQL Injection