every time I see the term SQL injection I think of PHP, because I'm a GenX dev and I was there when PHP became popular and dethroned PERL as the preferred web scripting language. The irony is that PHP became famous because it is extremely insecure as a programming language and almost everyday of the late 1990s and early 2000 security news were about some PHP site being hacked by SQL injections. PERL otoh came with a security feature that forced you to use any method to parse and check the data of anything that came outside of the computer, anything from sockets including a request had to be parsed in some way, usually a regex, and if the perl dev read the manual properly would avoid injections which it happen. PERL throws an error of "tainted variable" if you want to use it without parsing it. PERL5 at least I don't know if PERL6 does it.
PHP itself isn't inherently more insecure meaning you can make it secure, but people were just incompetent devs on security related stuff at the time, since web was still a new thing.
@@purplevanilla Yes, there are many ways to avoid those problems, by simply just not trusting the user to always do well behaved inputs, and SQL also has prepared statements. Just like C/C++ language has its own problems regarding memory allocation (since you have to do it yourself). Doesn't mean you can't do software well in those.
My preferred method of preventing injection when building a web app is parameterised statements. Send the query with placeholders, and send the strings to replace the placeholders.
@@hankpeterson628 no surprisingly, the strings to replace the placeholders are never combined with the query. It’s fool proof, I’m surprised people don’t talk about it more
@@hankpeterson628He probably means this: (python example) db.execute('SELECT userid FROM users WHERE name = ?', ('chuck',)) This protects your program against sql injections.
@@oh_finksCompletes a SQL statement that says log me in if imy username is "" and password is "" or if "" is "". Obviously nothing is equal to nothing. And the intex it pulls is usually index 0 which is the very first account created and thus usually an admin account.
This is good but old cuz so many website have protection to this so probably this works only for old websites or maybe some of the http websites. After all thank to chunk he teach us this attacks free
ANY website that still allows that to happen these, the company that owns it should never be allowed to hold data ever again - there really is no excuse
I work for altoro, I can't believe you did us dirty
HEHHEHH
they made it vurnable on purpose ima find ur account >:)
Stop lying kid
🤣🤣
No you dont
Thanks!
Literally just did a module on this today, cool stuff!
I like how you took it literally.
every time I see the term SQL injection I think of PHP, because I'm a GenX dev and I was there when PHP became popular and dethroned PERL as the preferred web scripting language. The irony is that PHP became famous because it is extremely insecure as a programming language and almost everyday of the late 1990s and early 2000 security news were about some PHP site being hacked by SQL injections.
PERL otoh came with a security feature that forced you to use any method to parse and check the data of anything that came outside of the computer, anything from sockets including a request had to be parsed in some way, usually a regex, and if the perl dev read the manual properly would avoid injections which it happen. PERL throws an error of "tainted variable" if you want to use it without parsing it. PERL5 at least I don't know if PERL6 does it.
I have 3 words: Bot or nerd
@@ibrahimasad8533does it matter? Information is information.
PHP itself isn't inherently more insecure meaning you can make it secure, but people were just incompetent devs on security related stuff at the time, since web was still a new thing.
@@KankipappaSo it's all depend on the programmers?
@@purplevanilla Yes, there are many ways to avoid those problems, by simply just not trusting the user to always do well behaved inputs, and SQL also has prepared statements.
Just like C/C++ language has its own problems regarding memory allocation (since you have to do it yourself). Doesn't mean you can't do software well in those.
this is soooo relevant! if you live in 2002
can you make a video about AI training on the cloud or fine tuning one ?
I am SQL
@@SQLxGuy bro thinks hes the main character
@@honker2 I am💀💀
@@honker2i think he's SQL
hes sql
@@SQLxGuy
and thats why you use prepared statements
Waiting😊
My preferred method of preventing injection when building a web app is parameterised statements.
Send the query with placeholders, and send the strings to replace the placeholders.
Isnt that vulnerable for escapes?
@@hankpeterson628 no surprisingly, the strings to replace the placeholders are never combined with the query.
It’s fool proof, I’m surprised people don’t talk about it more
@@hankpeterson628He probably means this: (python example)
db.execute('SELECT userid FROM users WHERE name = ?', ('chuck',))
This protects your program against sql injections.
Can you explain a DLL next?
my favorite injection is "'or ''=' lol
what does this do?
@@oh_finksCompletes a SQL statement that says log me in if imy username is "" and password is "" or if "" is "". Obviously nothing is equal to nothing. And the intex it pulls is usually index 0 which is the very first account created and thus usually an admin account.
What if the child’s first name is really Drop and the last name is Table?
Little bobby tables we call him
My favorite injection is ' OR '5'='5' /* lol
My best UA-camr ❤❤❤
This is good but old cuz so many website have protection to this so probably this works only for old websites or maybe some of the http websites. After all thank to chunk he teach us this attacks free
It would be useful.. like 20 years ago 😅
Pretty wild, but pycharm used to actually warn you, if you wrote code, which would make sql injections possible
Why do people still pronounce like that, it's S Q L not Sequel
Cant wait to see the faces of the SoC Team that needs to work Saturday and Sunday for Altoro
😂😂😂
ANY website that still allows that to happen these, the company that owns it should never be allowed to hold data ever again - there really is no excuse
Omg. I wish someone had moved it and progressed to check for this. Lol. If you know. You know.
exploiting old sites that uses php and MySQL is easy but finding them is hard
exactly ^^
Web crawler??
Input sanitization for the win
What kind of camera do you man?
"AN SQL" AHSHSHFUS
Does this work on all websites
Robert'); DROP TABLE Students;-- ? Ah yes, little Bobby Tables we call him.
where is the rest of the explaination?
Bro showing websites hacking tricks from the 90“s early 2000s
Only works on php websites? I forgot.. I used it long ago. And it gave me admin access.💀
daymmm
Full video need about this please 🙏
or read the docs?
ua-cam.com/video/2OPVViV-GQk/v-deo.html
There is one already on the Chanel
lol looooong are the days of SQL injection my friend
Boby tables
HUHHUHHUHHH imma have soo much fun with that HEHHEHH >:)
Not gonna youse it for i!!ige! Stuffs
BUTT IMMA DO SOME PRANKS WITH IT >:)
My database is full encrypted with aes512 😎
What about DDOS Attack?
I DID IT LETS GOO
What do you do for living?
Hi
Can u teach us how to recover our gmail account password from an hacker pls
Prepared queries hah...
Ty hack
Ok
anyone else get injected and is here 🙋♂
💀💀
Can i get free course website 😢please
ltt hq? linus screwdr1ver 😂
Do you have a separate beard channel?
This video is for people outise dev world so I can tolerate non hashed passwords and levels of abstractions and simplifications 😂
It's call a sqeal injection of diesel.
It's called S.Q.L blud
Does this work on Facebook
Most likely not, since most websites have programs to prevent SQL injections.
yes , but 15 yrs back it did
whats that for a question. thats facebook. never. but if you are a very very good hacker you can probably find a vuln
No cuz now days sql injection is being less and less usable or you need to do a crazy good payload to work in websites
@@shockd6235 true
Tragic that programmers are just that curropt, buuuuut just look at this page it looks cheap in first place
Can you make a kali linux video????
He's done multiple
@@ghosttheprogram6973 I know but new updates has come and new tools
I love that you pronounce it “sequel”, I feel validated without a doubt 😅❤
you never get to the point. Your GF probably feels the same way.
Man f. Chuck sucks 😢 the giid old days are gone do you guys remember hacking haydra,reverse shell,bash. 😢
First
little too cringe
useless reel. zero information shown. thanks for wasting my time
Second
Third
SQL Injection is like continuing the line like this:
Password: ' OR '1'='1'
This is because it continues a line of code
Lolz this video was so useless 😂
No one use raw sql command other than beginner 😂 , developer use orm for db