1
00:00:00,600 --> 00:00:01,270
Welcome back.

2
00:00:01,710 --> 00:00:08,370
Let's talk about another big vulnerability in Web applications that involves databases, and that is

3
00:00:08,370 --> 00:00:10,280
called Ezekial Injection.

4
00:00:10,950 --> 00:00:13,770
So we already talked about how this works.

5
00:00:13,950 --> 00:00:18,690
So you find a user input on a website that communicates with the database.

6
00:00:19,140 --> 00:00:24,330
Usually those inputs are something like user names or passwords or a page where you're searching for

7
00:00:24,330 --> 00:00:27,580
some type of a product once you input product.

8
00:00:27,600 --> 00:00:31,050
The website communicates with the database to see if it has it.

9
00:00:31,470 --> 00:00:33,300
Then the database responds back.

10
00:00:33,480 --> 00:00:38,280
And all of that is done with the help of Ezekial language and Eskdale queries.

11
00:00:39,030 --> 00:00:46,080
But as usual, user input might not be well filtered and we might be able to inject ESKIL code there

12
00:00:46,110 --> 00:00:49,670
and send our own ESKIL queries to the database.

13
00:00:50,640 --> 00:00:55,480
Maybe on that website, there are online accounts and their passwords are stored in a database.

14
00:00:56,190 --> 00:01:02,100
If we were to find that SQL injection on a website like that, we could potentially extract usernames

15
00:01:02,100 --> 00:01:06,120
and passwords of all of the accounts through that ESKIL injection.

16
00:01:07,070 --> 00:01:14,210
This is an example of how an inquiry could look like it is very similar to English language, and what

17
00:01:14,210 --> 00:01:21,260
this statement essentially does is it selects some type of element from a table where some condition

18
00:01:21,260 --> 00:01:25,850
is fulfilled and table is just a part of database.

19
00:01:26,240 --> 00:01:29,540
Databases are consisted of tables and columns.

20
00:01:30,170 --> 00:01:32,150
Now, I would be real right here.

21
00:01:32,450 --> 00:01:38,450
If you're encountering SQL injection for the first time or ask your language for the first time, you

22
00:01:38,450 --> 00:01:40,520
might find this a little bit hard.

23
00:01:40,550 --> 00:01:44,380
However, through practice, this will become easier and easier.

24
00:01:44,960 --> 00:01:50,300
Here we can see an example of how a real world Eskil query could look like.

25
00:01:51,310 --> 00:01:59,320
Here, books are our table from the database, it is our condition, and this star sign indicates that

26
00:01:59,320 --> 00:02:06,160
we want to extract everything usually in programming, world star sign means everything.

27
00:02:07,000 --> 00:02:13,750
Great, now that we know behind the scenes of how an injection works, let's try to perform one on our

28
00:02:13,750 --> 00:02:15,160
TBWA page.

29
00:02:16,110 --> 00:02:17,310
So let's go right here.

30
00:02:17,340 --> 00:02:20,670
Log in, as usual, to our TBWA Page.

31
00:02:23,850 --> 00:02:30,820
And let's first select a security to allow and navigate to the Ezekial injection.

32
00:02:31,150 --> 00:02:35,880
Now, you might notice that we also have Eskil injection blind, and this is something that we are going

33
00:02:35,880 --> 00:02:37,100
to talk about later on.

34
00:02:37,380 --> 00:02:40,530
For now, let's just focus on this ESKIL injection tap.

35
00:02:41,100 --> 00:02:42,820
So what do we have right here?

36
00:02:42,990 --> 00:02:49,290
We have something called user ID and usually we would input something like a number right here.

37
00:02:49,500 --> 00:02:50,940
So let's give it a try.

38
00:02:50,950 --> 00:02:54,810
For example, input number one and click on Submit.

39
00:02:56,390 --> 00:03:04,490
Well, it will tell me that the idea of one is a user with the first name admin and surname admin and

40
00:03:04,490 --> 00:03:10,700
that user has ID want what if we type two, for example, we click on Submit.

41
00:03:11,090 --> 00:03:17,420
Well, we got a user ID to his name is Gordon and his last name is Brown.

42
00:03:17,960 --> 00:03:21,140
And we can go for each and every number if we want.

43
00:03:21,140 --> 00:03:25,640
For example, the ID five has first name Bob and last name Smith.

44
00:03:26,410 --> 00:03:34,780
But to search for the Eskild injection, what we can do is we can type some special characters and that

45
00:03:34,780 --> 00:03:43,270
might throw an error if there is an injection, for example, if I type apostrophe or a single quote

46
00:03:43,690 --> 00:03:45,130
and I click on Submit.

47
00:03:46,510 --> 00:03:53,410
People throw me this error, it will say you have an error in your Ezekial syntax, check the manual

48
00:03:53,410 --> 00:03:59,310
that corresponds to your MySQL server version for the right syntax to use near line one.

49
00:03:59,950 --> 00:04:07,780
And this already is an indication that we have Eskil injection bug since it interpreted our apostrophe

50
00:04:07,780 --> 00:04:09,780
as a part of Ezekial syntax.

51
00:04:10,390 --> 00:04:14,710
So for now, we know that there is an error because we got the error syntax.

52
00:04:14,710 --> 00:04:19,320
But before we continue, let's first explain why does this give an error?

53
00:04:19,360 --> 00:04:21,880
Why using a single quote gives us an error?

54
00:04:22,890 --> 00:04:26,010
Well, let me show you like this, if I open terminal.

55
00:04:27,290 --> 00:04:35,840
Let's just go and find a program that will allow us to write text and here we got some text editor under

56
00:04:35,840 --> 00:04:37,280
the usual applications.

57
00:04:37,290 --> 00:04:43,280
I'm going to open that and I'm going to enlarge it just so we can type something right here.

58
00:04:44,090 --> 00:04:49,600
And now that we open this, let's explain why apostrophe gives an error in Eskil syntax.

59
00:04:50,150 --> 00:04:57,200
But as we already mentioned in our slides, usually we will have an Ezekial syntax or an Eskil query

60
00:04:57,800 --> 00:04:59,300
that will look something like this.

61
00:04:59,310 --> 00:05:05,290
So select and then something from a certain table where some condition is fulfilled.

62
00:05:05,540 --> 00:05:12,140
And for our page right here, if I go back, since we have user I.D., first names and last names,

63
00:05:12,140 --> 00:05:14,140
it could possibly look something like this.

64
00:05:14,150 --> 00:05:21,470
So select name, comma, surname from the table that could be named something like accounts if we don't

65
00:05:21,470 --> 00:05:28,270
know that yet, where ID equals and then the ID number goes between single quotes.

66
00:05:28,520 --> 00:05:34,760
So this could possibly be our Ezekial query that we sent to the database and then the database retrieves

67
00:05:35,060 --> 00:05:37,010
the user under the ID to.

68
00:05:38,050 --> 00:05:45,880
But what happens when we type apostrophe is instead of these two and instead of it filtering the apostrophe,

69
00:05:46,180 --> 00:05:53,020
it just writes it between these two single quotes and then we get three single quotes, the opening

70
00:05:53,020 --> 00:05:57,580
single quote, and then our single quote, reinjected becomes the closing single quote.

71
00:05:57,850 --> 00:06:01,300
And then the third one is the single quote that's hanging.

72
00:06:01,300 --> 00:06:03,000
It doesn't belong to anything.

73
00:06:03,010 --> 00:06:05,750
Therefore, the Eskil throws an error.

74
00:06:05,950 --> 00:06:08,580
It has one single quote more than it should have.

75
00:06:08,980 --> 00:06:13,330
And whenever that happens, you got an injection bug.

76
00:06:13,350 --> 00:06:18,550
And this is also called the error based ESKIL injection, because it throws us an error.

77
00:06:19,210 --> 00:06:22,650
On the other hand, we got the blindest kill injection that doesn't throw an error.

78
00:06:22,660 --> 00:06:27,280
So there are some other methods that we must use for that one in order to figure out whether it exists.

79
00:06:28,180 --> 00:06:33,850
Now that we know that there is an ESKIL injection, what we can do is we can type some other statements

80
00:06:33,850 --> 00:06:34,200
as well.

81
00:06:34,210 --> 00:06:40,330
For example, we can select the ID number two and then close the single quote inside of that Tasco query.

82
00:06:40,750 --> 00:06:47,260
And we can type some logical statements, such as, for example, and one equals one.

83
00:06:47,860 --> 00:06:53,320
And keep in mind that this right here, if I copied and write it down.

84
00:06:55,730 --> 00:07:02,360
Has single quotes between the numbers, and it doesn't have the single quote at the end, because inside

85
00:07:02,360 --> 00:07:09,140
of our query we already have a single quote at the end of this single quote will cover the last part

86
00:07:09,140 --> 00:07:09,740
of this one.

87
00:07:09,860 --> 00:07:13,590
And this first quote will cover the first part of this, too.

88
00:07:14,210 --> 00:07:18,830
So essentially, once added to our Ask Your query, it would look something like this.

89
00:07:19,670 --> 00:07:26,330
Instead of this single quote, we would have this and you can see these opening and closing single quote

90
00:07:26,330 --> 00:07:27,730
fulfills our statement.

91
00:07:28,370 --> 00:07:35,850
Let's give it a try and run this and we'll just get the information about user under the Editta.

92
00:07:36,320 --> 00:07:38,990
And that is because our statement is correct.

93
00:07:38,990 --> 00:07:45,950
So we select the user Editta and we say do that in case one is equal to one and one is equal to one.

94
00:07:45,960 --> 00:07:48,560
So there are no problems such as the user name.

95
00:07:48,770 --> 00:07:56,030
But if we were to type the same comment, just change one equals two and click on submit, we wouldn't

96
00:07:56,030 --> 00:07:58,240
get any output right here.

97
00:07:59,000 --> 00:08:01,580
That is because one is not equal to two.

98
00:08:01,850 --> 00:08:05,540
Therefore it won't print the user under the ID to.

99
00:08:06,640 --> 00:08:12,490
That could be another sign that there is an Ezekial injection now that we know for sure that there is

100
00:08:12,490 --> 00:08:16,550
an injection, if we can try some other comments, such as, for example, this one.

101
00:08:16,750 --> 00:08:24,250
So if you go down here and type two single quote, and this is just us selecting the ID number two and

102
00:08:24,250 --> 00:08:32,820
then use a statement called Order by one and add dash, dash and space and single quote at the end.

103
00:08:33,580 --> 00:08:35,140
So let's explain this comment.

104
00:08:35,330 --> 00:08:41,080
The reason we have this dash dash space and then single quote is because that is referred to as a comment.

105
00:08:41,110 --> 00:08:42,670
This dash dash is a comment.

106
00:08:42,850 --> 00:08:49,210
And we must add this at the end of our statement, at the end of our query, because otherwise it would

107
00:08:49,210 --> 00:08:50,430
throw us an error.

108
00:08:50,710 --> 00:08:57,280
We must have it so we don't get error when running our ESKIL comments and ordered by one will just check

109
00:08:57,280 --> 00:08:58,450
whether there is column one.

110
00:08:58,630 --> 00:09:01,870
And we are going to do that for two for three as well.

111
00:09:01,870 --> 00:09:04,930
And we're going to see how many columns do we have.

112
00:09:06,010 --> 00:09:07,480
So if I copied this.

113
00:09:09,870 --> 00:09:13,410
And go back to here based this click on Submit.

114
00:09:14,370 --> 00:09:20,510
We'll get an output first name Gordon and surname Brown, that means this is a valid statement.

115
00:09:20,910 --> 00:09:23,240
Let's try with order by two.

116
00:09:23,520 --> 00:09:26,700
So just change from one to two and click on Submit.

117
00:09:27,090 --> 00:09:31,800
And this is also by the statement because we get the first name and surname.

118
00:09:32,250 --> 00:09:36,390
And if we try number three and click on submit.

119
00:09:37,420 --> 00:09:45,000
Well, there is an unknown column three in order class, and that's how we know that we have to count.

120
00:09:45,530 --> 00:09:48,090
Now, let's see what those two columns are.

121
00:09:48,550 --> 00:09:57,490
If I go and type this comment and I'm going to type it right here, first two as our ID and then Unión,

122
00:09:57,910 --> 00:10:00,520
select one and two.

123
00:10:00,820 --> 00:10:06,310
And let's not forget our comment at the end by specifying Dash Dash and then saying quote, If a copy

124
00:10:06,310 --> 00:10:06,610
this.

125
00:10:09,060 --> 00:10:11,730
And they paste it right here, click on Submit.

126
00:10:12,540 --> 00:10:19,080
OK, so we get this output right here, the first name for the Editta and we get the first name one

127
00:10:19,080 --> 00:10:20,280
and surname two.

128
00:10:20,970 --> 00:10:27,330
Now that we know that we have two columns and that we have an injection vulnerability, we're going

129
00:10:27,330 --> 00:10:29,370
to start extracting data.

130
00:10:30,270 --> 00:10:37,110
So we know that we have to output fields, the first name and the surname field, so we're going to

131
00:10:37,110 --> 00:10:40,920
try to extract the database name and the user of the database.

132
00:10:41,490 --> 00:10:50,820
To do that, we can type the command to to select the user ID and then union select and we're going

133
00:10:50,820 --> 00:10:57,240
to type database open and close brackets and comma user open close brackets.

134
00:10:57,280 --> 00:11:03,750
At the end we add our comment with a single vote and here we are specifying the functions called database

135
00:11:04,020 --> 00:11:05,100
and user.

136
00:11:05,910 --> 00:11:08,960
These two functions are already defined in my school.

137
00:11:09,630 --> 00:11:15,330
So let's copy this comment just to see the name of the database and the name of the user and type it

138
00:11:15,690 --> 00:11:16,410
right here.

139
00:11:17,330 --> 00:11:25,760
And we get the first name which will store the database name, which is W A and the surname or the user,

140
00:11:25,790 --> 00:11:28,880
which is going to be viewed at localhost.

141
00:11:29,690 --> 00:11:36,930
Now that we know this, we can try to track the list of the databases by injecting the following comment.

142
00:11:37,280 --> 00:11:43,990
So after this, we once again start with two and then you select these select statements.

143
00:11:44,000 --> 00:11:46,130
You can also type in capital letters.

144
00:11:46,160 --> 00:11:47,090
It doesn't really matter.

145
00:11:47,090 --> 00:11:49,550
You can type capital or lowercase letters.

146
00:11:49,850 --> 00:11:53,370
What matters is that you type the correct command syntax.

147
00:11:53,840 --> 00:12:06,350
So right now we are going to call for Schimmer underscore name, comma to from information underscore.

148
00:12:06,530 --> 00:12:07,550
And let me just.

149
00:12:08,400 --> 00:12:13,320
And this so the entire command can fit to deal from information, underscore Cima.

150
00:12:16,330 --> 00:12:21,940
Dot, Shmita, Dash, dash, and then close single quote.

151
00:12:22,660 --> 00:12:26,440
OK, so let's just go with this and see what do we get with this comment?

152
00:12:26,680 --> 00:12:31,270
If I copy, go to my page and paste it right here.

153
00:12:32,390 --> 00:12:39,570
Well, we get quite a few results back and we essentially get different databases outputted right here.

154
00:12:40,160 --> 00:12:45,800
We got our TBWA database, we got Mathus per database, MySQL database was spent.

155
00:12:46,160 --> 00:12:53,450
And since we are doing this all inside of the WPA application on our anticipatable, we would most likely

156
00:12:53,450 --> 00:12:57,080
be interested in this D.V. a result.

157
00:12:57,500 --> 00:13:00,560
So let's try to extract even more from it.

158
00:13:01,590 --> 00:13:09,840
We can use the following comment, which is I did, too, and then union select table, underscore name,

159
00:13:10,380 --> 00:13:15,180
comma, kill from information on discourse cima.

160
00:13:17,060 --> 00:13:24,210
Not tables might be wondering what even art is, and this is just regular syntax for the language.

161
00:13:24,590 --> 00:13:30,430
These are just something that you will get used to over time once we type from information shemar that

162
00:13:30,470 --> 00:13:36,830
tables where the table on this kortchmar is going to be equal to the one that we want.

163
00:13:36,830 --> 00:13:38,510
And in our case, that is divi.

164
00:13:39,230 --> 00:13:48,170
So we can just type equal open single quote w a close single quote and then our comment dash dash quote.

165
00:13:49,360 --> 00:13:50,210
Let's go, P..

166
00:13:53,410 --> 00:13:57,520
Entire command copied and pasted right here.

167
00:13:58,560 --> 00:14:03,810
Now, I'm not sure if I copied entire comments, I'm just going to go back and add what's missing,

168
00:14:03,810 --> 00:14:08,040
which is two and then single quote, and then you click on submit.

169
00:14:09,320 --> 00:14:10,530
And here is the output.

170
00:14:10,670 --> 00:14:18,330
So with this comment, we sent a query where we requested names of all the tables inside the W8 database.

171
00:14:19,130 --> 00:14:23,030
We got two results, which is guestbook and users.

172
00:14:23,600 --> 00:14:27,510
And this users right here could be interesting for us.

173
00:14:27,530 --> 00:14:29,340
So let's dive deep into it.

174
00:14:29,630 --> 00:14:33,590
We want to extract columns inside of this user's table.

175
00:14:34,410 --> 00:14:37,920
We can do that by injecting this comment right here.

176
00:14:39,340 --> 00:14:45,400
So let me just make a few spaces and type next command, which we, as usual, start with two and then

177
00:14:45,430 --> 00:14:47,470
apostrophe union.

178
00:14:49,040 --> 00:14:53,270
Select and now we're selecting columns, so we are going to type instead of table name.

179
00:14:53,300 --> 00:15:02,410
We're going to type column, underscore name, comma, column, underscore type from information on

180
00:15:02,420 --> 00:15:09,090
discourse, cima dot columns remembering the last command we used dot tables.

181
00:15:09,110 --> 00:15:15,740
Now we are using dot columns because we are furthermore diving into our database and we need a condition

182
00:15:15,740 --> 00:15:16,310
at the end.

183
00:15:16,310 --> 00:15:29,410
So we're table underscore cima is going to be equal to D.V. w a and table underscore name equals users.

184
00:15:30,290 --> 00:15:36,230
So remember we got two results right here and we want to go with the users one first, because that

185
00:15:36,230 --> 00:15:39,830
looks more interesting to us than this guest book table.

186
00:15:41,190 --> 00:15:46,170
OK, so let's go to this comment and now I'm going to copy the entire comment.

187
00:15:48,040 --> 00:15:52,060
So select copy and paste right here.

188
00:15:53,000 --> 00:15:54,590
And click on Submit.

189
00:15:55,740 --> 00:15:59,410
And again, we get a lot of results here they are.

190
00:15:59,970 --> 00:16:06,000
Can you guess which one out of all of these columns are most interesting to us, if you guessed the

191
00:16:06,000 --> 00:16:06,810
password one?

192
00:16:07,410 --> 00:16:14,550
Well, you guessed right, but we also want to extract other columns as well, such as usernames, which

193
00:16:14,550 --> 00:16:21,210
we get right here, such as first names, last names, IDs as well, and all of that we want to extract.

194
00:16:21,780 --> 00:16:28,500
To do this, we will need to use the concat function because we only have two fields available to input

195
00:16:28,740 --> 00:16:29,790
our result.

196
00:16:30,330 --> 00:16:35,820
So we must concat a few results in one field and the rest of the results in the other field.

197
00:16:36,480 --> 00:16:43,680
We can concat, for example, user ID, first name and last name in the first name field, and we can

198
00:16:43,780 --> 00:16:47,760
conquer the usernames and passwords in the surname field.

199
00:16:48,300 --> 00:16:50,760
So let's see how that combined would look like.

200
00:16:50,760 --> 00:17:00,840
If I go back and add a few more spaces, let's type two and then apostrophe union select and then use

201
00:17:00,840 --> 00:17:04,560
the concat function to concat multiple fields into one.

202
00:17:04,560 --> 00:17:08,160
And we can do that by specifying which fields we want inside of this function.

203
00:17:08,640 --> 00:17:16,050
Let's type user underscore ID as a first field comma and we are going to separate them with two dots.

204
00:17:16,050 --> 00:17:21,290
So comma and then first underscore name, which is going to be our second field comma.

205
00:17:21,600 --> 00:17:22,920
Let's use again two.

206
00:17:22,920 --> 00:17:26,420
That's two separate that also from the last name.

207
00:17:27,000 --> 00:17:31,080
And these are the three fields that we are going to get into first result.

208
00:17:31,710 --> 00:17:38,640
Then after it we want to type comma and concat the usernames and passwords into.

209
00:17:39,880 --> 00:17:40,690
Second result.

210
00:17:41,110 --> 00:17:48,820
So let's put it like this password and at the end specify from where are we extracting all of this?

211
00:17:49,150 --> 00:17:55,920
And in our case, since our database is called WPE, we're also accessing the user's table.

212
00:17:56,440 --> 00:17:58,720
So we must type it like this.

213
00:17:58,900 --> 00:18:03,340
So extract all of this from w a dot user's.

214
00:18:04,570 --> 00:18:06,130
Add the comment at the end.

215
00:18:07,640 --> 00:18:09,320
And let's copy all of this.

216
00:18:17,430 --> 00:18:25,350
Well, here it is, here is all of the information about all of the users from this database in the

217
00:18:25,350 --> 00:18:31,860
first name field, we get the user I.D. followed by the first name, followed by the last name.

218
00:18:32,490 --> 00:18:37,800
And in the surname field, we get the username and password.

219
00:18:38,490 --> 00:18:44,160
So we successfully performed ESKIL injection and we extracted all of the information about all of the

220
00:18:44,160 --> 00:18:46,020
users inside of their database.

221
00:18:46,600 --> 00:18:50,520
But you will notice that passwords are rather strange, right?

222
00:18:51,240 --> 00:18:53,000
This is because they are Hashd.

223
00:18:53,430 --> 00:19:00,000
Usually websites store hash value of passwords inside their database for security reasons, since even

224
00:19:00,000 --> 00:19:05,760
if something like an injection happened and someone managed to extract the entire database, they wouldn't

225
00:19:05,760 --> 00:19:11,760
get passwords in plain text, but rather as hash value that they need to run a dictionary attack on

226
00:19:11,760 --> 00:19:14,010
in order to find it in plain text.

227
00:19:14,790 --> 00:19:19,020
And by looking at them, I would say that this is probably a modified hash.

228
00:19:19,680 --> 00:19:23,300
We can figure this out by copying one of these passwords.

229
00:19:23,310 --> 00:19:24,510
So let's go with this one.

230
00:19:24,510 --> 00:19:30,240
For example, going to Google and just pasting it inside of this search bar.

231
00:19:32,960 --> 00:19:38,240
And we can see most of the results are empty, five and five and five, so we can guess that this is

232
00:19:38,240 --> 00:19:39,410
an empty five hash.

233
00:19:39,710 --> 00:19:45,770
And since this is an easy password, if I click on this link, it will even tell me which password this

234
00:19:45,770 --> 00:19:46,870
empty five hash is.

235
00:19:47,450 --> 00:19:50,690
So it is the password A.B.C. one to three.

236
00:19:51,530 --> 00:19:59,150
So if I go back to this page, we can conclude that Cordin has a password of ABC one, two, three,

237
00:19:59,150 --> 00:20:05,290
because this website showed us what is the string of this hash that we pasted.

238
00:20:05,900 --> 00:20:08,000
We can do that for any other hash as well.

239
00:20:08,240 --> 00:20:12,130
As long as it is a simple password, it should manage to find it online.

240
00:20:12,440 --> 00:20:15,020
If I go and paste this one, for example.

241
00:20:16,960 --> 00:20:22,090
Go right here, click on this website and the five hash for password is this.

242
00:20:22,420 --> 00:20:27,130
So it seems that our empty five hash is a string of password.

243
00:20:27,730 --> 00:20:38,320
So our user called admin has a password that is simply just password, and that is how you extract the

244
00:20:38,320 --> 00:20:41,410
entire database with the ESKIL injection vulnerability.

245
00:20:42,190 --> 00:20:47,410
Now, this is probably the hardest bug that we are going to cover inside the Web application section,

246
00:20:47,620 --> 00:20:54,220
and it might take some time for you to get used to it and to get used to all of this as syntax that

247
00:20:54,220 --> 00:20:55,270
we performed right here.

248
00:20:55,510 --> 00:21:01,060
For example, these database functions, user functions could be known by someone that already knows

249
00:21:01,090 --> 00:21:07,030
Ezekial, since these are already the inbuilt functions and that also stands for all of these syntax

250
00:21:07,030 --> 00:21:13,080
like table name, like information, underscore CIMA that columns and the rest of these comments.

251
00:21:13,720 --> 00:21:19,180
But if you practice it more and more, you will eventually get better at performing ESKIL injection.

252
00:21:19,900 --> 00:21:20,880
OK, great.

253
00:21:21,220 --> 00:21:27,280
So we performed as injection and in the next video we're ready to continue discovering even more bugs

254
00:21:27,280 --> 00:21:29,250
on our TBWA application.

255
00:21:29,800 --> 00:21:30,370
So you better.