Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:01,170 --> 00:00:07,110
In the previous video, we have seen how authentication bypass can be done by exploiting sequel injection
2
00:00:07,810 --> 00:00:12,780
be used, a standard sequinned payload, which is X or X equals specs.
3
00:00:13,380 --> 00:00:15,270
This is not the only payload, though.
4
00:00:15,270 --> 00:00:17,540
It is a standard sequel injection payload.
5
00:00:18,000 --> 00:00:24,660
We can modify it in whichever way we want as long as it forces the query to return true value and doesn't
6
00:00:24,660 --> 00:00:26,490
break the syntax of the sequence.
7
00:00:27,240 --> 00:00:31,410
So let's make a small modification to this payload and see if it works.
8
00:00:32,100 --> 00:00:39,300
I'm just going to change this x2 way and instead of equal values are not equal here.
9
00:00:40,020 --> 00:00:45,370
So this payload should still true because X is not equal to Y, which is true in this case.
10
00:00:45,390 --> 00:00:47,630
So this should still return to.
11
00:00:48,150 --> 00:00:52,640
So let's try to inject this payload into the login page and see what happens.
12
00:00:56,630 --> 00:01:04,070
I'm pasting the payload here and pasting the payload here, too, and let's click login.
13
00:01:06,440 --> 00:01:08,580
Look at that, even that payload work.
14
00:01:09,050 --> 00:01:14,500
So what it means is it doesn't always have to be a payload that you take from the Internet.
15
00:01:14,780 --> 00:01:17,730
You can customize the payload according to your situation.
16
00:01:18,170 --> 00:01:21,540
I just wanted to touch upon modifying a standard payload.
17
00:01:21,920 --> 00:01:26,960
So you want to stick to standard payloads that you copy from the Internet and you get to know that you
18
00:01:26,960 --> 00:01:29,800
can also modify the payload according to your needs.
19
00:01:30,410 --> 00:01:30,730
Right.
20
00:01:30,770 --> 00:01:32,750
So that's an indication bypass.
21
00:01:32,750 --> 00:01:35,360
But secret injection is much more than this.
22
00:01:35,680 --> 00:01:38,660
We can extract the content from the entire database.
23
00:01:38,960 --> 00:01:43,520
So in the next video, let's discuss some advanced sequel injection picnic's.
2411
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.