SQL Injection Hacking Tutorial (Beginner to Advanced)

Learn SQL injection with Rana! Today's video demonstrates three SQL Injection attacks. Her course covers many more (9 hours of content) and you can get free access using the link below.
// Labs, scripts and documents //
Slides: github.com/rkhal101/Presentations/blob/main/2023/David-Bombal's-Channel/SQL%20Injection%20Video%20with%20David%20Bombal.pdf
Lab #1 Link: portswigger.net/web-security/sql-injection/lab-login-bypass
Lab #2 Link: portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables
Lab #3 Link: portswigger.net/web-security/sql-injection/blind/lab-conditional-responses
Lab #3 Python Script: github.com/rkhal101/Web-Security-Academy-Series/blob/main/sql-injection/lab-11/sqli-lab-11.py
// Course options //
You have multiple options:
1) UA-cam: Free to watch: ua-cam.com/video/1nJgupaUPEQ/v-deo.html
2) Udemy: www.udemy.com/course/mastering-sql-injection-the-ultimate-hands-on-course/?referralCode=922314AD50A8EF6BB043
3) Rana's Academy: 50% OFF Coupon Code: "DavidBombal500FF" academy.ranakhalil.com/
Rana explains the differences in this video: ua-cam.com/video/tuxukQ4gKOU/v-deo.html
// Real World Example //
OTW shows SQL Injection the real world: ua-cam.com/video/R1amgARgFDs/v-deo.html
// Book Rana Recommended //
Web Application’s Hacker’s handbook 2nd Ed by Dafydd Stuttard
US Link: amzn.to/3J90wZa
UK Link: amzn.to/3J7H2UT
// Rana's SOCIAL //
Twitter: twitter.com/rana__khalil
Academy: academy.ranakhalil.com/
UA-cam Channel: ua-cam.com/users/RanaKhalil101
Medium Blog: ranakhalil101.medium.com/
Rana Intigriti Interview: ua-cam.com/video/stXkOBZsNYo/v-deo.html&ab_channel=intigriti
// David's SOCIAL //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// TIMESTAMPS //
00:00 Coming up
00:35 Disclaimer
00:40 Intro
01:00 Rana's first course
01:53 Rana's platforms
03:12 Support
04:00 SQL injection overview
05:05 SQL injection theory
09:15 Rana's background
10:19 SQL explanation
11:46 Presentation
13:10 1st lab
16:48 Discussion about practical Labs
17:57 Different types of SQL injection
21:41 2nd lab
32:14 Discussion about teaching
33:04 3rd lab
48:22 Discussion about labs
48:54 Password lockout
50:19 Cookie
51:29 3rd lab conclusion
51:49 Preventing SQL injection
57:57 Course information
58:34 SQL and developers
59:27 Course progression
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.

Thank you for having me on your channel David! I'm very excited about this collaboration 😃

MashAllah ما شاء الله
Thank you sister Rana for the beautiful gif ZazakAllahu Kahir.
Support for her from Bangladesh 🇧🇩💐

This is gold! The way she explains everything is amazing. Makes it super simple and easy to follow. Definitely going to check out her full 9hr course.

You are One of the Best Teacher in UA-cam 🤗

Thank you so much, guys! I love your channel, David!

9 hours Christmas came early. This Weeknd is going to be fun 🎉 Thank you sir for always coming through

Thank you for making the course available on UA-cam, both you guys! God bless

God bless you both love to see more people helping others

Good to see you back Rana. Great seeing you back is awesome. you in the security field I believe is one great encouragement to ladies out there to as well join the security field. awesome. Thanks David as well.

Great content, Again!!
Thank you, David! Thank you, Rana!

Thanks david and Rana Khalil for this amazing course. Really i am very thankfull to both of you . Lots of love from india

everything explained very clear,,, such a great content david ''' we need more like this

This is awesome !!! I also love that Rana is a woman in this space and a Hijabi woman !! 🙌 it’s great to see, this is my 1st time swing this. Great content David yet again ! Thank you! This channel has alerted me to recent cyber threat methods, taught me so much and has also pointed me in the direction of great learning resources (books, labs, videos, teachers) and it’s super useful especially considering I’m a beginner in cyber security . Thanks ☺️

I LOVE YOU DAVIDDD. you always post great videos and explain it in such a way that's mesmerizing. I turned 17 this 13th of july and i have been watching your videos from the age of 13 . i really appreciate your content. you have given me soo much motivation and inspiration and have inspired me to choose cyber security as a career later in life. LOVE FROM PAKISTAN SIRR🥰🥰

just snagged it on udemy, You guyz are amazing. Stay Blessed

Thank you very much David and Rana!!

Convenient timing. I'm starting my first bug bounty with a VDP with the Dept. of State. I'm in the Recon stage but based on the progression it's possible I'd probably need a XSS or SQLi to find a bug. I already brought a short but practical course for XSS and now there's this recommended by the UA-camr who helped me get my CCNA via his Udemy Course, I know I can expect good training content.
Good luck to everyone in the comments.

Great video, We need more from Rana! Thanks.

Waooooo, was great to watch this video, thanks for share other level to learn sql injection; Thanks David and Rana 👍,

*Very informative and useful fr me* 🙏

Great Course, thank you so much.

Took this course on Udemy yesterday
Just one piece of feedback: The font on VS code needs to be a bit larger 😊

very well explained by Rana

شكرا الاستاذ ديفيد على المعلومات التى تنشرها لنا لك التحية من مصر

This is very interesting. God bless you more ..❤

She's really great and talented expert. Very helpful video😊

I love the way she explains things.

Amazing Stuff
Rana Khalil

Awesome work @rana and great content @david as usual !! Loved the mathematics joke btw 😀

im on a reskilling for employment type of programme and, instead of having my actual TEACHER do his job and explain this himself, he told us to follow this hour-long tutorial. no shade to you, mr. david, im just frustrated with the lack of preparation im getting if i am to get a job in this field.

absolutely love her ❤❤❤❤

Thank you David ,good job Rana 👍

Great collection

What a perfect new subject to learn.

What a great presentation

this give me goosebump, great content

David B.
Thanks lot man, This is one of your best Videos. This is so helpful with awesome information from Rana. Iam watching this video for 3rd time now.
Thank you

Because some people prefer Udemy, here are 1,000 free places to Rana's course (first 1,000 get the course for free): www.udemy.com/course/mastering-sql-injection-the-ultimate-hands-on-course/?couponCode=AC321B423BA301178A56

love from village (India) i most watch your video alway awesome

God bless you sister rana

wow great video!

David your doing great, bring intalactuls along side with recourses and lab
I appreciate for your kind affort brother

Absolutely brilliant stuff David! Where did you find this amazing legend? Rana, thank you so much.....am totally in!

Thanks David and rana ❤❤

I missed my last chance, not missing this one!!!!! Plus I love SQL work!!!!

Thank you sister
الحمدالله

Love your content ❤

Great ❤

Thankyou so much great tutorial leart alot😊❤

one question that comes to mind , can she have a program where she talk about how to help Iranian women getting safer communicating online ? thanks for the class today! I learned a lot as a total beginner from just listening this year!

Great as always 👑

thank you very much ❤❤❤

top,,, i like very good

David thank you so much for your work! I love your program. I'm about to buy the book of Occupy the Web "Getting Started Becoming a Master Hacker" but I have a doubt, 'cause I want to know if this book is updated. Could you please tell what you think? thank you again. You are amazing

Thank you David

Love it!!!!!!!!!!!!!!!!!!!!!

Fantastic!

Thanks a lot

thank you david SIR !

This is so profound, even for a learner. I've got an observation and a question, One would need the reconnaissance skill to fins out some details of the web app, like the username of the admin and other registered users, also, would like to know how to use burpe suite to create such proxy and connect the website we working on.
is it okay to show few tips of those before diving into the sql injection proper?
Thank you

i love your videos

Needed this!

Thank again I wating for this ❤

She's Good 👏👏👏💪

Love seeing intelligent women well-versed in cybersecurity 😉😉😁😁

Ya..???? This is best course in UA-cam @Rana

Love it 😌...kinda new to this tho

Danggg what an excellent teacher 😅

Masha allha good see you sisters

great video

Realy good content!
the onlyy thing is the background of Ranal video... if i look at the coding, she get blured and all i see is a funny flying head..

Wow, looks amazing content!
Many cheers to David and Rana!
And I like her voice too.
Is the Udemy course a giveaway too? Because it doesn't look alike by the link provided.
Happy weekend to you!

8 +HOURS OF LAB....SWEET

Thank you boss❤❤❤

Hello Mr. Bombal i wanna ask a question if you don't mind. How long you were in IT and cybersecurity and if you got something to say for a 17 years old geek can you tell.

Perfect Demos for new learners :-)

Great video.
Dumb question:
Does that '-- exploit only work if there are no line breaks in an SQL?

Thank you so much . I have already shut down and deleted over 20 government websites on my country

its been 11 years since someone teached me sql injection, and i never get bored

You are both always have a very good content

Excelente video, mas poderia ter tradução para português Brasil, por favor!

Hey david, do you know what is happening in India in the Manipur case

Hello David, can You make a video about Cyber Security, Thanks

Mashallah

I was like....whaaaat, this woman looks like an innocent housewife, would never expect this from her...hahaha nicely done

I’m diving to this

professor when you interview them and i watch, it seem like the same method i use but i dont find vulns only i tried brute forcing before i gain access and use cred to connect to protocols so please let them tell the magic they use in real world because it seems like studies. please i love your channel soo much thank you professor

As most of the developers use prepared statements, do you think there is still chance of sql injection, as most of the modern frameworks have sql inject prevention built into the security components?

Wow, I'm your next student

How does this password bruteforce initially work? It guesses each character based on what?

Poucos irão ver até o final!
Few will see until the end!

method POST is more saver, right?

can we login into others databases using the sql injection

Rana is the real life Trenton from Mr Robot. ☺

I tried enrolling into this course on udemy but I couldn't checkout

Hi David I had a problem shortly after installing Kali Linux, which is that I cannot access the internet even though the wifi is connected and after the ping test an error message appears temporary failure in name resolution, I have tried to fix it by following the instructions found on the internet but that did not solve the problem, I would like to ask your opinion as a professional in the field of cyber security

47:50 this is how Hollywood password cracking presented xD

SQL prepared statements and WAFs are eliminated all SQL injections threats in 2023 😋

🎉