1
00:00:00,730 --> 00:00:08,080
In this video, we are going to see another payload for doing a squirrel injection, so the query remains

2
00:00:08,080 --> 00:00:08,680
the same.

3
00:00:08,980 --> 00:00:16,840
Your select start from student where you name equals Edman and buzz equals single and single code.

4
00:00:16,840 --> 00:00:22,260
Whatever the user is going to enter is going to be appended a word and a real.

5
00:00:23,550 --> 00:00:29,750
So whatever username you are going to enter into, the application is going to go and up and over here

6
00:00:29,760 --> 00:00:35,610
and do the ready and whatever password you are going to enter in is going to depend on where you are.

7
00:00:36,030 --> 00:00:43,160
And this single cause, I assume, is already been there, kept by the developer.

8
00:00:43,500 --> 00:00:49,310
So they will have to make sure to balance this single code as well while we are entering the payload.

9
00:00:49,440 --> 00:00:51,760
That doesn't text becomes perfect.

10
00:00:51,930 --> 00:00:56,090
So when it goes to the database, Alberghetti should execute.

11
00:00:56,490 --> 00:01:00,930
So you're I am entering into the user name in Berfield.

12
00:01:00,930 --> 00:01:09,870
I am putting admin and at the place of password I am putting this payload, which is a single code or

13
00:01:10,050 --> 00:01:13,930
one equals one hyphen hyphen Soyo.

14
00:01:13,950 --> 00:01:16,140
What does this hyphen IFN mean.

15
00:01:16,560 --> 00:01:20,400
Hyphenation is commenting the rest of the query.

16
00:01:21,600 --> 00:01:27,720
You would have seen this double slash to commend your programmer code while you are using any other

17
00:01:27,720 --> 00:01:28,380
language.

18
00:01:28,830 --> 00:01:33,340
So Enescu Elby Yusaf and I want to commend the rest of the query.

19
00:01:33,780 --> 00:01:34,950
So this is all.

20
00:01:35,370 --> 00:01:43,260
My last single code is not functional because it is never going to execute because of the hyphen hyphen

21
00:01:43,260 --> 00:01:50,790
comments to not executable query is something like this, which is select start from the student where

22
00:01:50,800 --> 00:01:57,180
username equals admin and password equals nothing or one equals one.

23
00:01:58,790 --> 00:02:06,380
So let's break down the squaddie for the you name equals admin and password equals empty court or one

24
00:02:06,380 --> 00:02:10,160
equals one and rest of the things that already been coming to.

25
00:02:11,770 --> 00:02:18,730
So you're I am assuming that admin user also doesn't exist into the student table, so it is going to

26
00:02:18,730 --> 00:02:28,630
give me the output is false and password is empty again, it is going to give me false and all is a

27
00:02:28,630 --> 00:02:29,880
logical operator.

28
00:02:29,920 --> 00:02:31,490
After that we have four.

29
00:02:31,600 --> 00:02:34,750
One equals one, which is always a true condition.

30
00:02:34,940 --> 00:02:41,020
You can use a equals a big will be two equals two, five equals five.

31
00:02:41,020 --> 00:02:42,640
Whatever you feel like.

32
00:02:43,240 --> 00:02:51,370
Our intention is to make the query is true from your so you name equals admin which is going to give

33
00:02:51,370 --> 00:02:58,600
us false and password equals empty is again going to give us false or one equals one is going to give

34
00:02:58,600 --> 00:02:58,810
us.

35
00:02:58,810 --> 00:02:59,220
True.

36
00:02:59,740 --> 00:03:07,150
So let's evaluate this thing further falls and false will result in false or true.

37
00:03:07,390 --> 00:03:10,300
False or true will give you always true.

38
00:03:11,860 --> 00:03:18,820
So after the execution of this query, the database is going to allow you to enter into the application

39
00:03:19,210 --> 00:03:22,030
is the greatest result is through.

40
00:03:23,480 --> 00:03:30,290
It is only concerned that if the result is true, I'm going to allow the user to enter into the application.

41
00:03:30,560 --> 00:03:34,820
If it is false, I will not allow the user to enter into the application.

42
00:03:35,330 --> 00:03:38,890
I hope you understood the breakdown of this second ballot.

43
00:03:39,590 --> 00:03:45,380
So in the next video, we are going to see the practical of the same thing, what we have discussed

44
00:03:45,380 --> 00:03:46,250
in this video.

45
00:03:46,700 --> 00:03:47,840
Thank you so much.