CTF Guide / Python Project - Automating SQL Injection


COMMENTS • 7

  • @kaueberto8384
    @kaueberto8384 7 days ago

    So instructive. Thanks for your channel!

  • @heathbruce9928
    @heathbruce9928 A month ago

    Does this attack work with Microsoft sites? The normal MS query has brackets which would cause the query to fail.

    • @gand0rfTRZ
      @gand0rfTRZ A month ago +1

      It all depends on the database used on the backend. That's why it is normally a good habit to have several txt files with different payloads.
      Scripts like this can also be tweaked for different cases. Or you can make several scripts: one for SQL, NoSQL, or whatever you come across. The key is learning the differences and building tools that can work with the different types.

  • @Evan-bjc4w
    @Evan-bjc4w A month ago +2

    Any ways to protect my site from this?

    • @gand0rfTRZ
      @gand0rfTRZ A month ago +1

      Input validation and an IDS like Suricata would go a long way to help.
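
      For the question above about protecting a site, an added example (not from the video or the commenters) in Python, since the video's project is a Python script: a lookup that concatenates user input into the SQL, next to one that only binds it as a parameter, and one that also validates the input's shape first. The table, rows and the sample input are constructed for the demo.

```python
import re
import sqlite3

# Constructed in-memory database with two sample rows (demo data, not from the video).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?)",
                 [("alice", "alice@example.com"), ("bob", "bob@example.com")])

# Allow-list for usernames: letters, digits, underscore, 1..32 chars (assumed policy).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def lookup_vulnerable(username):
    """String concatenation: whatever the user typed becomes part of the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_bound(username):
    """Parameter binding: the driver sends the value as data, never as SQL syntax.
    This alone defeats injection; no row matches a username containing quotes."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def lookup_hardened(username):
    """Defence in depth: reject input that does not fit the expected shape,
    then still bind it as a parameter."""
    if not USERNAME_RE.match(username):
        raise ValueError("username contains characters outside the allowed set")
    return lookup_bound(username)


if __name__ == "__main__":
    tautology = "' OR 'a'='a"  # constructed sample input that rewrites the WHERE clause
    print(lookup_vulnerable("alice"))    # one row, as intended
    print(lookup_vulnerable(tautology))  # every row: the condition is now always true
    print(lookup_bound(tautology))       # []: treated as a literal username
    try:
        lookup_hardened(tautology)
    except ValueError as exc:
        print("rejected:", exc)
```

      Binding is the fix that matters; the allow-list check gives a clean place to log and alert on rejected input, which is what an IDS rule would otherwise have to infer from traffic.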

    • @Evan-bjc4w
      @Evan-bjc4w A month ago

      @gand0rfTRZ what is an IDS?

    • @gand0rfTRZ
      @gand0rfTRZ A month ago

      Intrusion Detection System. I use Suricata on my web site. I had a big problem with spray-and-pray SSH login attempts. After setting it up and adding a rule to drop SSH connects, and adding a ufw rule to only allow SSH logins from the IP address of a machine I control, the SSH brute forcing has been stopped and isn't taking up resources on my server or clogging up my SIEM logs.