all InfoSec news
HackTheBox - Faculty - SQL Injection on Update Statements and Inject Shellcode with GDB!
Oct. 22, 2022, 3:07 p.m. | IppSec
IppSec www.youtube.com
01:01 - Start of nmap
02:10 - Testing login of the webapp, finding SQL Injection to bypass it
03:20 - Running gobuster with our cookie so it has access to any authenticated page
04:50 - Examining the course edit functionality and discovering how the page tells us if our update was a success
05:50 - Explaning the dangerous thing with update injections, we accidentally changed EVERY row.
08:45 - Extracting information from this Update Injection in MySQL …
faculty hackthebox inject injection shellcode sql sql injection update
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Director, Threat and Attack Research
@ Singtel | Macquarie Park, Australia
Manager Information Security
@ Diebold Nixdorf | Remote, United States
Senior Analyst, IT Information Security
@ IHG | GA, United States
Eurizon Capital SGR - Compliance Senior Specialist
@ Intesa Sanpaolo | Milano, IT
Tier 1 Fusion Security Analyst
@ Nielsen | Bengaluru, India