This is great work! Appreciate you doing this. We need more creators that show practical applications of tools, techniques and tactics instead of simply discussing theory.
Thanks so much for the kind words 🙏
Yaniv thank you for this video! Stunning video! Always on point! OTW has the touch of Midas when he explains things.
Thx a lot my friend. How are you?
@yanivhoffman Everything is fine, how are you?
@marinob7433 I’m great!
Thanks otw for this course ❤
Thanks for another post Yaniv, you're a great guy and all of us really appreciate what you do! Make sure to take breaks so you don't get burnt out! WE LOVE YOUR VIDEOS
Thanks so much ❤️
@yanivhoffman Hackers-arise website no longer active?
They switched to a new site, hackers-arise.net
Is there another video coming for advanced SQL injection? 🤔
Yes, we are planning one, as we wanted first to see the viewers' feedback on this one
Super Interesting !!! Thx a lot
very interesting.
Do you plan to record a video with OTW about RTL-SDR hacking?
Or about radio signals in general
We did, here is the link: ua-cam.com/video/7z5SNEEyCfo/v-deo.htmlsi=iI0N0vaj6Jqbx7FF
@yanivhoffman thanks.
This was really helpful for me, thank you
Thx so much
Please make beginner to advanced level practical live website hacking, live website bug hunting, live website penetration testing, live website exploitation content video series...
🙏 😊 💯✌❤💚💙💜😍😘🤝
After the basics what area should be focused on?
Depends on your goals. To become a master hacker you need to be an expert in OS, networking and cybersecurity. In cyber there are many paths, so let me know your thoughts and I will guide you to the best of my knowledge.
What about uploading a shell? Most of the DBs don't let you upload.
Great question! You're absolutely right: most modern database systems are configured with strict permissions and security measures that prevent uploading files directly to the database server. However, in certain scenarios, attackers may exploit vulnerabilities to achieve similar outcomes.
Here’s how:
Leveraging SQL Injection for File Writing:
If the database user has file permissions and the database server is on the same system as the web server, attackers might use SQL injection to write a malicious file (e.g., a web shell) into a directory accessible by the web server. For example:
INTO OUTFILE '/var/www/html/shell.php'
This is rare in well-secured environments since DBAs usually restrict these permissions.
Second-Stage Exploits:
Even if file uploading isn't possible, SQL injection can sometimes be used to gain further access (e.g., retrieving sensitive data or executing commands via stored procedures) and move laterally within the environment.
Understanding Upload Limitations:
Modern databases and web applications often implement measures like parameterized queries, WAFs (Web Application Firewalls), and file validation to block such attacks. This is why it’s important for security teams to enforce least privilege and harden configurations.
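A defender-side check for the file-write case described in the reply above, added here as an example and not part of the original comment or video: it scans database query-log lines for `INTO OUTFILE` / `INTO DUMPFILE` statements and rates writes that land under a web root. The web-root list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumed web-server document roots; adjust to the hosts being monitored.
WEB_ROOTS = ("/var/www", "/usr/share/nginx/html")

# SELECT ... INTO OUTFILE / INTO DUMPFILE '<path>' is MySQL's file-writing syntax.
FILE_WRITE = re.compile(
    r"\bINTO\s+(?P<kind>OUTFILE|DUMPFILE)\s+(?P<q>['\"])(?P<path>.+?)(?P=q)",
    re.IGNORECASE,
)


def under_web_root(path, web_roots=WEB_ROOTS):
    """True if the normalised path sits inside one of the web roots."""
    norm = posixpath.normpath(path)
    return any(norm == root or norm.startswith(root + "/") for root in web_roots)


def find_file_writes(log_lines, web_roots=WEB_ROOTS):
    """Return one finding per logged statement that writes a server-side file."""
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        match = FILE_WRITE.search(line)
        if not match:
            continue
        path = match.group("path")
        findings.append({
            "line": lineno,
            "kind": match.group("kind").upper(),
            "path": path,
            # A write into a web-served directory is the case to page on;
            # any other server-side file write still deserves a look.
            "severity": "high" if under_web_root(path, web_roots) else "review",
        })
    return findings


# Constructed sample lines in the shape of a MySQL general query log.
SAMPLE_LOG = [
    "2024-11-02T10:15:01.120000Z\t   41 Query\tSELECT name FROM products WHERE id = 7",
    "2024-11-02T10:15:09.480000Z\t   41 Query\tSELECT note FROM t INTO OUTFILE '/var/www/html/shell.php'",
    "2024-11-02T10:16:30.002000Z\t   12 Query\tSELECT * FROM orders into   outfile '/var/lib/mysql-files/orders.csv'",
]

if __name__ == "__main__":
    for finding in find_file_writes(SAMPLE_LOG):
        print(finding)
```

On a server where the application account has no file permission, any hit at all is worth investigating, since the application should never issue these statements.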
More OTW free mini courses?
Coming soon in Nov
GREAT!
Thx a lot
SQL injection brings memories 😂 More videos like this ❤
Coming soon (actually next week, on hunting malware) with hands-on demo
Can you add translation please ❤
I added a few. Which language?
Crazy video
Thank you very much ❤️ Please share if you can, it will help
I think that this video should be titled as SQLite, or Basic SQL queries and not SQL Injection.
Thx for the comment. I actually agree and will modify
this channel is David Bombal-
I disagree, check out the content. Yet and I'm proud of it, I'm the second channel after David that works continuously with OTW. Nothing wrong with that and many times not same subject as well.
@yanivhoffman I was joking, all good. I understand you are you and David is David.
@impostorsyndrome1350 hahaha all ok. David is great but indeed I am who I am. I try to make my own stuff.
Jeff knows his shit
I don’t know his real name :)
@yanivhoffman It's Jeff
Bradtke Mill
Cool
Thx a lot