Dumping Data with NoSQL Injection via Regex and Python

Published: 09 July 2023
Channel: IppSec
Views: 7,510
Likes: 321

Check out Snyk here: https://snyk.co/ippsec

00:00 - Introduction talking about the application we are testing and identifying NoSQL Injection with $ne
02:30 - Showing the RegEx Operator, which will let us do partial matches and enable us to validate characters one at a time
03:32 - Start of sponsored shoutout to Snyk
04:15 - Showing Snyk find some vulnerabilities with Open Source Security
04:40 - Showing Snyk's Code Security
05:54 - Showing and talking about how to patch the vulnerability
07:37 - End of Snyk Shoutout, starting our Python script to perform this NoSQL Injection
10:20 - Testing out our test_login logic to identify if we had a successful login or not
11:05 - Showing how we can identify the length of the string we want
13:20 - Creating a loop to automatically identify the length of the string
15:20 - Adding exception handling to the function and talking about the benefits
17:40 - Creating a function to get the username
20:30 - Explaining what our Get_Username function currently does
22:25 - Doing a benchmark on our first iteration of the script and seeing it takes slightly over 3 minutes
24:10 - Adding in a break so it doesn't loop over the full character set every time, which gets us to 32 seconds
26:00 - Talking about the major optimization trick we are going to do, validating multiple characters at one time
27:20 - Breaking the enumeration of a single character out into its own function for exception-handling purposes
29:20 - Start of coding the optimization trick
35:06 - Running our code and seeing we got it down to 12 seconds. Moving on to testing the password.

