This video will focus on what an attacker can do after they find a valid SQLi. We will review the options and automate some of them in our script.
- [Narrator] Hi, and welcome to video 6.3. In this video, we're going to learn how to exploit SQL injections, and how to automate this in Python. In the previous video, we have learned to create a script that will help us to detect SQL injections in web applications. In this video, we are going to learn what kind of data we can extract with an SQL injection and then we're going to automate some of these techniques like automating basic data extractions in our SQL injector script from the previous video.
Once we identify a valid SQL injection, it's time to decide what we are going to look for. Here, we have a list of the most typical things. Basic data: for example, database version, user running the database, current database, database directory, et cetera. Advanced data: MySQL username and password, databases, table names, column names, content from tables. OS files: we can read any file in the filesystem as long as the user running the database has privileges. These are some of the most useful and typically extracted data.
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests