1
00:00:01,920 --> 00:00:03,330
So, I just want to highlight

2
00:00:03,330 --> 00:00:07,023
why SQL Injections are so important and so dangerous.

3
00:00:08,070 --> 00:00:11,220
The reason behind that is they are found,

4
00:00:11,220 --> 00:00:12,530
you can find them everywhere,

5
00:00:12,530 --> 00:00:15,150
a lot of places, a lot of big websites

6
00:00:15,150 --> 00:00:17,130
have these kinds of exploits

7
00:00:17,130 --> 00:00:20,620
and like things like Yahoo, Google had them.

8
00:00:20,620 --> 00:00:22,580
They are very hard to protect against

9
00:00:22,580 --> 00:00:24,470
and it's very easy to make a mistake

10
00:00:24,470 --> 00:00:28,563
to make these exploits available for exploitation.

11
00:00:31,220 --> 00:00:33,260
The other reason that they're very dangerous

12
00:00:33,260 --> 00:00:35,690
is that they give you access to the database.

13
00:00:35,690 --> 00:00:38,240
In many scenarios, if you find an SQL Injection

14
00:00:38,240 --> 00:00:42,037
you really don't need to upload the PHP shell

15
00:00:42,037 --> 00:00:43,810
or get a reverse connection.

16
00:00:43,810 --> 00:00:45,980
There is really no point of uploading stuff

17
00:00:45,980 --> 00:00:48,820
and then increasing the danger of being caught

18
00:00:48,820 --> 00:00:51,300
'cause if you have access to the database,

19
00:00:51,300 --> 00:00:53,020
as we've seen here, you pretty much have

20
00:00:53,020 --> 00:00:55,200
everything you need, you have usernames, passwords,

21
00:00:55,200 --> 00:00:56,630
you can log in with a normal username

22
00:00:56,630 --> 00:00:58,750
and a password as a normal user,

23
00:00:58,750 --> 00:01:01,280
or you can, if you are looking for sensitive data,

24
00:01:01,280 --> 00:01:03,850
we can see that we had access to credit cards.

25
00:01:03,850 --> 00:01:05,730
You pretty much can do anything you want

26
00:01:05,730 --> 00:01:08,370
so there is really no point of trying

27
00:01:08,370 --> 00:01:09,770
to further exploit the system.

28
00:01:09,770 --> 00:01:11,570
If you found an SQL Injection, bingo,

29
00:01:11,570 --> 00:01:13,970
like that's all you need really.

30
00:01:13,970 --> 00:01:16,830
In many scenarios, we actually use a PHP shell

31
00:01:16,830 --> 00:01:20,130
to gain access to the database and see if we can read it.

32
00:01:20,130 --> 00:01:21,570
Like, say, for example, if you manage

33
00:01:21,570 --> 00:01:23,880
to upload a PHP shell on the server,

34
00:01:23,880 --> 00:01:25,730
on this server, the Metasploitable,

35
00:01:25,730 --> 00:01:27,809
but then you couldn't access the database.

36
00:01:27,809 --> 00:01:29,520
There isn't much that you can see.

37
00:01:29,520 --> 00:01:30,700
You can't see credit cards,

38
00:01:30,700 --> 00:01:34,030
you can't see usernames and passwords, you really can't.

39
00:01:34,030 --> 00:01:36,290
Yeah, you have control over the server,

40
00:01:36,290 --> 00:01:38,000
but you can't read stuff.

41
00:01:38,000 --> 00:01:40,310
So sometimes when you upload a PHP shell,

42
00:01:40,310 --> 00:01:43,293
the next step is, I need to gain access to the database.

43
00:01:44,880 --> 00:01:48,350
Another thing is that they can be used to do many things.

44
00:01:48,350 --> 00:01:51,570
So if you find, if you manage to find an SQL injection

45
00:01:51,570 --> 00:01:53,980
in a website that is not your target,

46
00:01:53,980 --> 00:01:55,650
so it's not the one that you're targeting,

47
00:01:55,650 --> 00:01:57,380
but it's on the same server,

48
00:01:57,380 --> 00:02:00,670
then you can use it to read files outside the WWW root.

49
00:02:00,670 --> 00:02:03,690
So similar to file inclusion vulnerabilities,

50
00:02:03,690 --> 00:02:06,380
you can use it, you can use the admin, the username

51
00:02:06,380 --> 00:02:09,360
and password for the admin, and see if you can upload stuff.

52
00:02:09,360 --> 00:02:11,980
Usually the admin can upload a lot of things

53
00:02:11,980 --> 00:02:13,290
instead of just images,

54
00:02:13,290 --> 00:02:15,210
and then you can upload a PHP shell

55
00:02:15,210 --> 00:02:16,470
or a backdoor from there.

56
00:02:16,470 --> 00:02:19,833
And then from there, navigate to your target computer,

57
00:02:21,290 --> 00:02:23,900
or to the target website, sorry.

58
00:02:23,900 --> 00:02:26,850
Or, you can actually in some cases,

59
00:02:26,850 --> 00:02:29,480
you can use it to upload a PHP shell,

60
00:02:29,480 --> 00:02:32,880
you can use this, an SQL injection, to upload a PHP shell.

61
00:02:32,880 --> 00:02:35,090
So basically, SQL injections can be used

62
00:02:35,090 --> 00:02:37,000
as file inclusion vulnerabilities.

63
00:02:37,000 --> 00:02:40,990
They can be used as file upload vulnerabilities.

64
00:02:40,990 --> 00:02:43,570
And also they'll give you access to the whole database.

65
00:02:43,570 --> 00:02:45,920
That's why they are very, very dangerous

66
00:02:45,920 --> 00:02:48,323
and very useful if you manage to find one.