SQL Injection - Lab #17 SQL injection with filter bypass via XML encoding | Long Version
Description
In this video, we cover Lab #17 in the SQL injection module of the Web Security Academy. This lab contains a SQL injection vulnerability in its stock check feature. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables.
The database contains a users table, which contains the usernames and passwords of registered users. To solve the lab, perform a SQL injection attack to retrieve the admin user's credentials, then log in to their account.
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-security-academy-video-series
▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:13 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:24 - Navigation to the exercise
01:52 - Understand the exercise and make notes about what is required to solve it
02:57 - Exploit the lab
08:07 - Summary
08:25 - Thank You
▬ Links ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/sql-injection/lab-17/notes.txt
Web Security Academy Lab Exercise: https://portswigger.net/web-security/sql-injection/lab-sql-injection-with-filter-bypass-via-xml-encoding
Rana's Twitter account: https://twitter.com/rana__khalil