01:00 - Begin of Recon 02:30 - Running Gobuster and examining the web page 05:10 - is the only page that accepts user input, basic testing for SQL Injection 05:40 - Using wfuzz to fuzz for special characters then getting our IP Banned :( 10:00 - Unbanned, running wfuzz again and examining unique responses 13:00 - Showing several ways to test for SQL Injection (subtraction and hex()) 16:30 - Examining the MySQL Query Structure 17:30 - Explaining Union Injection 21:15 - Nested queries with union statements 23:20 - Extracting information out of Information_Schema to databases, tables, columns 24:08 - Using LIMIT to ensure only one row is returned 25:25 - Using GROUP_CONCAT to allow us to return multiple rows within union 32:20 - Extracting Mysql users/passwords then cracking MySQL (mode 300) 35:10 - Another way to get the password, LOAD_FILE() to view PHP Source Code 42:30 - PHPMyAdmin RCE (LFI Tainted PHP Cookie) 57:40 - Dropping a shell via the PHPM
Hide player controls
Hide resume playing