SQL injection with Filter Bypass via XML Encoding

Published: 16 January 2023
Channel: Intigriti

👩‍🎓👨‍🎓 Learn about SQL Injection vulnerabilities. In this video, we are going to have a look at how to exploit an SQLi vulnerability, bypassing WAF filters via XML encoding. We'll also explore SQLMap tamper scripts and [attempt] to debug encoding issues.

EDIT: a couple of people reached out with a workaround for the SQLMap encoding issue. I tested the solution and confirmed this does work with the challenge:   / 1615054152291258385  

Overview:
0:00 Intro
0:15 Background
1:48 Lab Description
2:29 Review Web App Functionality
3:18 WAF Enumeration
4:43 WAF Filter Bypass
6:30 Recover Credentials with SQLi
9:09 Bonus: SQLMap Tamper Scripts
19:17 Conclusion

For more information, check out https://blog.intigriti.com/hackademy/... and   / 1612444237106126850  

🔗 @PortSwiggerTV SQL Injection Challenge: https://portswigger.net/web-security/...


🎙️ This show is hosted by / _cryptocat (@_CryptoCat) & / intigriti