I said "because ippsec does that" more times than I'd like to admit. Great video!
@paulito1261
11 months ago
That voice, this will become legendary. Good work on this channel.
@randomlegend631
8 months ago
Thank you so much for all you do for the community.
@bigbooduh
5 months ago
I've seen a lot of videos but nothing compares to this. Thank you IPPSEC!
@charlesnathansmith
10 months ago
This is really helpful! Fwiw it is a binary search because you're searching for the test char inside the range of valid printable chars, which is ordered
@RealCyberCrime
11 months ago
Great stuff! I'm a blue teamer but love this kind of content
@Bigchi3f
11 months ago
I was literally just banging my head last week pen-testing a website and the WAF kept lighting me up, thank you!! gonna start with the previous video.
@jayanthd779
2 months ago
One of the advanced tricks and techniques are used in your video, thanks for sharing
@0xmmn
11 months ago
Thanks a lot for this tutorial; it really helped me. You're amazing as usual. I think that finding SQL injection itself is hard nowadays, not because it doesn't exist, but because of WAFs and probably some security filters that harden the process of finding it. Also, finding it can be tedious if it's a second order. I believe that SQL injection exploitation could be easier than finding it. Some say HTB is incomparable to real-world examples. Probably the closest to reality is the OSWE course. Anyway, thanks again for your effort. Please continue uploading to this playlist when you're free. If you don't mind, making videos about code review and CodeQL would be amazing, as it eases the process a lot and could be more reliable than Snyk's automated scan.
@h8handles
11 months ago
I do not know how you do videos in one take like this (or make it seem so) good stuff!
@ippsec
11 months ago
The sponsor segment has a cut in it, forgot to mention something. But other than that it is one long take, just lots of practice and a dislike for editing
@h8handles
11 months ago
Yeah I'm fine on twitch when I hit record I'm like uhm uhh ah uhm how do I type again???@@ippsec
@blabla-gr9tj
11 months ago
So informative, thank you🙏🏻
@cyberwarfare-yt1wq
3 months ago
duam you are so so good .....i like you man . real prof man ,
@tntxqx8281
11 months ago
Absolutely amazing keep going ippsec
@profesurtom
3 months ago
.Honestly i never thought you will be looking that smart 🤣🤫.Thanks for your content btw . may god give you peace and happiness.>>>
@_hackwell
11 months ago
That's brilliant! I really need to dive deeper into sql syntax. I like to do injections manually as I don't trust sqlmap that much. BTW I used this kind of technique last week in Postgres using the startsWith statement ;-) I'd really like videos about how to identify CMSes , APIs and their exploit specificity. Getting foothold is for me the hardest part of a box
@ippsec
11 months ago
The video you're commenting on goes into enumerating the types of DBs. Think it's near the end when I talk about SQLMap
@_hackwell
11 months ago
@@ippsec yep that was a generic comment for all who will read what I wrote. You demonstrated several times that SQLmap hardly finds injections. That's why I prefer doing it by hand. No pun intended 😀
@_hackwell
11 months ago
@@ippsec more seriously, if you feel like making some videos about CMS's and APIs that would be awesome
@chathurangabw33
11 months ago
Great stuff as usual 😃👍
@zackma
11 months ago
So cool, love it.
@Deaple
11 months ago
woooow the man showed his face :O nice video as always :)
@amrsorour2602
11 months ago
My hero!
@ESER-vw5ql
11 months ago
POG MOST BASED MAN
@tg7943
10 months ago
Push!
@DM-qm5sc
11 months ago
Why are you so awesome?
@王永涛
10 months ago
All I can say is, this guy is awesome
@AUBCodeII
11 months ago
Ipp!
@yuyu-ce4fz
11 months ago
I am curious, why want true result to 0 and fault result to 1
@ippsec
11 months ago
You just want to make sure the output is different. If the result was always 0, then you wouldn't be able to identify a true/false. For example, if the output is the same for 1=1 and 1=2, then there's no way for you to enumerate.
@yuyu-ce4fz
11 months ago
Sorry my question not clear. if I setting result, I would set true result to 1 and fault result to 0😅
@yuyu-ce4fz
11 months ago
Mysql Boolean result also true = 1 & fault = 0 (hope I remember right)
@ippsec
11 months ago
@@yuyu-ce4fz Ah, yeah you are right I just went by exit codes. At the end of the day it doesn't matter as all you need is a different result for True/False.
@the_terrorizer
3 months ago
Holy crap when was there a face reveal??
@yayakumar
11 months ago
script source link please. 😊
@j3r3miasmg
11 months ago
36 // 2
@Shintowel
11 months ago
How to bypass Sql injection false positive 😢😢😢
@ippsec
11 months ago
If it is truly a false positive, then there is nothing to bypass; by definition it is not vulnerable. My Advanced SQL Union Injection and this video should get you to a point where you can exploit the majority of SQL Injections.
@dariusvlogs3634
11 months ago
Where can we find the code
@ippsec
11 months ago
I'll put it in github.com/IppSec/ctf-scripts later today
@dariusvlogs3634
11 months ago
@@ippsec thank you sec, you are the best!
@dariusvlogs3634
11 months ago
I still don't see it there please @@ippsec
@felixkiprop48
11 months ago
Great, Never put all your trust on tools, they ain't perfect.
@jondo-vh8tx
11 months ago
must be a homemade waf that didn't detect the single quote
@ippsec
11 months ago
It was Cloudflare, that being said I didn't show the exact evasion done here but hinted along it with the process I followed.
@jondo-vh8tx
11 months ago
@@ippsec oh ok got it...i didn't catch the hint. i was like how the heck didn't the waf capture the ' :D
Comments: 48