00:00 - Introduction
01:57 - Showing the trick and explaining why it's important to understand the methodology behind finding the technique, not just the technique itself
03:50 - Going over the Flask App
05:45 - Showing Snyk highlighting the SQL Injection, then talking a little bit about Snyk and why it is awesome.
08:00 - Running the webserver and explaining why DEBUG mode should always be disabled
09:30 - Running SQLMap to inject into the URL Parameter
11:00 - Manually discovering the SQL Injection through good enumeration, and showing a Burp Suite URL encoding quirk
12:50 - SQLMap showed nothing; running SQLMap again, but this time making sure it starts from a valid result, to see that it does find something
13:20 - Going into the code to show why exploitation is hard; I'm using Pydantic to do strict typing and input filtering
17:36 - Showing how SQLMap discovered there were 4 columns without using a comma, thanks to the ORDER BY method
18:55 - Enumerating for bad characters with FFUF by putting characters after the SQL Comment
21:30 - Showing SQLFiddle, which is a great way to play with and test SQL queries
24:05 - Eliminating commas from the Union Injection with (select * from (select 1) as a join (select 2) as b)
26:00 - Testing the SQL Injection against our web application
28:55 - Securing the code and fixing the SQL Injection via prepared statement
31:30 - Showcasing GitHub Copilot Chat to help fix our code
35:00 - Fixing an XSS issue, then rerunning Snyk to show all vulnerabilities are fixed
Video: SQL Injecting Beyond Strict Filters - Union Without Comma, uploaded to the channel IppSec on 02 October 2023.