Podme logo
HjemOppdagKategorierSøkStudent
7MS #376: Tales of SQL Injection Pwnage

7MS #376: Tales of SQL Injection Pwnage

38:282019-08-12

Om episode

Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute. We cover a lot of ground today on a variety of topics: I have an Oculus Quest now and I love it. My handle is turdsquirt if you ever wanna shoot some zombies together. I share a story that yes, does involve poop - but only the mention of it. It's nothing like the epic tale (tail?) of my parents' dog pooping in my son's dresser drawers. I had a really fun pentest recently where I found some good old school SQL injection. I took to Slack to share and since then, several of you have reached out to ask how I found the vulnerability. Here are some steps/tips I talk about on today's episode that will help: Watch Sunny's Burp courses on Pluralsight to enhance your Burp abilities Install CO2 from the BApp store When doing a Web app pentest, feed various fields SQL injection payloads, such as the ones in PayloadsAlltheThings Grab a copy of sqlmap Use sites like this one to help tune your sqlmap commands to find vulnerabilities. In the end, my command I used to dump contents of important tables was this: (See today's show notes on the 7MS Web site for more information!)

logo

PODME

INFORMASJON

  • Om informasjonskapsler
  • Generelle vilkår
  • Personvernerklæring

LAST NED APPEN

app storegoogle play store

REGION

flag
  • sweden_flag
  • norway_flag
  • finland_flag
redaktorsansvar

Podme arbeider etter Vær Varsom-plakatens regler for god presseskikk. Ansvarlig redaktør og daglig leder er Kristin Ward Heimdal. Redaktør for eksterne innholdssamarbeid er Mathias Thaulow Lisberg.

© Podme AB 2024