SQL injections (2/2)

Slightly more advanced SQL injection techniques, including figuring out column and database names using information_schema, as well as attacking a database that doesn't spit out errors. I'm working with DVWA which is a PHP/MySQL web application designed to be vulnerable.

Note that their notion of "blind" SQL injection just means that there are no errors displayed. However, in web application jargon, usually "blind injection" means that the website is able of giving only one bit of information per request. I will make a separate video on truly blind SQL injections.

This is a video of a series on web security. The previous part is on bare-bones SQL Injections:

   • SQL injections (1/2)  

You can run your own DVWA VM by grabbing it from vulnhub:

https://www.vulnhub.com/entry/damn-vu...

My wallpaper can be found here:

http://knkl.deviantart.com/art/Casual...

Thanks for watching! If you liked this video, don't forget to 👍 and +subscribe :) Leave a comment if you have questions or suggestions.

I've just created a Patreon where you can buy me a cup of coffee. Thanks so much for supporting me!   / dionyziz