1
00:00:00,700 --> 00:00:06,880
In this video, we will go through medium and high difficulty SQL injection challenges on Damn Vulnerable

2
00:00:06,880 --> 00:00:08,020
Web Application.

3
00:00:10,680 --> 00:00:12,840
In the previous video on SQL injection,

4
00:00:12,840 --> 00:00:19,140
we have already seen that if we put any ID in the user ID field, it lists down all the information

5
00:00:19,140 --> 00:00:21,150
on the specific category or user.

6
00:00:23,120 --> 00:00:29,030
Now to solve the medium difficulty challenge, go to settings and set the difficulty to medium.

7
00:00:31,380 --> 00:00:34,740
This security level has a mitigation technique implemented.

8
00:00:34,890 --> 00:00:38,010
It uses the mysql_real_escape_string function.

9
00:00:38,340 --> 00:00:41,490
While this does not allow the quotes in the passed value,

10
00:00:41,520 --> 00:00:48,180
in our case we do not need them and we can simply bypass it by providing the payload without the apostrophe.

11
00:00:49,500 --> 00:00:55,350
We need to right click on the page and inspect the page and we need to use the payload within the select

12
00:00:55,350 --> 00:00:56,100
element.

13
00:00:56,700 --> 00:00:59,490
And once you click submit, you will get the results.

14
00:01:01,680 --> 00:01:03,510
So we are on our way.

15
00:01:04,140 --> 00:01:06,270
Just change the security level to medium.

16
00:01:11,340 --> 00:01:13,710
Then move to the SQL injection challenges.

17
00:01:16,900 --> 00:01:21,360
And here you can see that we can only select user IDs from the drop-down list.

18
00:01:21,370 --> 00:01:25,060
And if we submit any user ID, we get information.

19
00:01:29,500 --> 00:01:31,990
Now, right click on the page and inspect the page.

20
00:01:33,900 --> 00:01:36,450
Navigate to the user ID dropdown menu.

21
00:01:38,540 --> 00:01:45,380
And within the select element, in any value, use the payload as shown on the screen without the apostrophe

22
00:01:45,560 --> 00:01:46,580
or quotes.

23
00:01:51,720 --> 00:01:55,320
And you can see that information of all users is dumped out.

24
00:01:58,720 --> 00:02:03,610
Now for high difficulty, go to settings and set the difficulty to high.

25
00:02:05,110 --> 00:02:11,080
The high severity SQL injection example requires entering the user ID on another page.

26
00:02:11,470 --> 00:02:16,840
However, this does not change the fact that the vulnerability exists and we can use the same payload

27
00:02:16,840 --> 00:02:19,030
as we used for the low security level.

28
00:02:21,420 --> 00:02:26,050
Once you open the page, submit the page on the new tab and you will get the results.

29
00:02:30,670 --> 00:02:34,120
So back on, set the security level to high.

30
00:02:36,600 --> 00:02:38,490
And move to the SQL injection tab.

31
00:02:41,470 --> 00:02:43,960
Once you click change your link,

32
00:02:45,890 --> 00:02:47,270
a new tab will open.

33
00:02:50,070 --> 00:02:54,990
Once you provide the session IDs here, you will get the information displayed in the previous step.

34
00:02:57,240 --> 00:03:00,540
So just use the payload here as shown on the screen.

35
00:03:05,830 --> 00:03:07,060
And click on Submit.

36
00:03:09,520 --> 00:03:12,010
And the information is dumped on the main tab.

37
00:03:17,040 --> 00:03:22,170
So we have successfully completed medium and high challenges on SQL injection on DVWA.