Added: 3 years ago
From: DeepFreeze1234
Views: 5,227
All Comments (12)

  • Why do you have to go to the product page to reveal the email addresses?

  • @thetrumpetofbelieve The product page is a PHP page and allows it to process URL input (as per the POST/GET methods), it's a result page from a form action="blahblah"... It's much less likely to work with an HTML page, because they don't accept &, ?, etc. modifications.

  • I will never be a Good Hacker :c I suck and always will...

  • So how did you learn SQL injections or whatever it is called? I am wondering because I am interested in learning them.

  • Great video. One question: why so many nulls? What purpose does the null command have to the injection? I know this may seem stupid because I get the concept of the injection, but for some reason the right answer makes no sense to me.

    Thanks though, really a great video.

  • @dsh1224 The UNION ALL statement is combining 2 select statements, and each select statement has to select the same number of things. So with the products page, we can guess that the initial select statement is selecting an ID, a picture, a price, and description. That's 4 things, so our UNION ALL has to contain 4 things to match, even if the "email" table has less. The "*" means "select whatever's there" while null means "select nothing". A little trial/error will get you the right result.
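The column-count rule described in the comment above, as an added example that is not part of the original thread or video. It uses Python's sqlite3 with a constructed in-memory database; the table layout (`products` with 4 columns, `email` with 1) and the function names are assumptions. It also shows the same input against a parameterized query, which is the fix.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, picture TEXT, price REAL, description TEXT);
        CREATE TABLE email (address TEXT);
        INSERT INTO products VALUES (1, 'a.png', 9.99, 'widget');
        INSERT INTO email VALUES ('alice@example.test'), ('bob@example.test');
    """)
    return db

def union_accepts(db, second_select):
    """True if the database accepts: products UNION ALL <second_select>."""
    try:
        db.execute("SELECT * FROM products UNION ALL " + second_select).fetchall()
        return True
    except sqlite3.OperationalError:
        # Raised when the two SELECTs return a different number of columns.
        return False

def lookup_concat(db, product_id):
    # Vulnerable pattern: request input is pasted into the SQL text.
    return db.execute("SELECT * FROM products WHERE id = " + product_id).fetchall()

def lookup_bound(db, product_id):
    # Hardened: input is bound as a value and is never parsed as SQL.
    return db.execute("SELECT * FROM products WHERE id = ?", (product_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # 1 column against 4: rejected. Padded to 4 with NULLs: accepted.
    print(union_accepts(db, "SELECT * FROM email"))
    print(union_accepts(db, "SELECT NULL, *, NULL, NULL FROM email"))
    crafted = "1 UNION ALL SELECT NULL, *, NULL, NULL FROM email"
    print(lookup_concat(db, crafted))  # product row plus the email rows
    print(lookup_bound(db, crafted))   # no rows: the whole string is one value
```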

  • @dsh1224 I know it's kinda late to reply to this, but from what I've learned of SQL injection I believe null is used to represent tables

  • What do I put in the subject box? Anything, I suppose.

  • Thank you so much for this vid. You really helped me out a lot with this information.

    The only thing I don't get... is the part with the UNION ALL...

    Can I do this trick also on other sites or DBases, or is it just an example for learning this kind of technique?

    Hope to get an answer from you, thanks for the vid ;)

    Greets

  • No problem.

    And the answer to your question, this is just an example for learning different kinds of injections. It might work on some other sites and DBases, but I wouldn't get my hopes up.

  • Nice one bro... hey, is there any way to do realistic mission 1 without Firefox?? Can I do it with my normal IE??

  • thanks, and yes.

  • @DeepFreeze1234 How?! I've tried notepad AND the address bar, nothing works. I had to use a Chrome tool (similar to Firebug)...

  • nope