1
00:00:01,320 --> 00:00:03,010
Hello and welcome to this video.

2
00:00:03,030 --> 00:00:08,790
In this video, we are going to see another lab for the second payload, which we have learned in the

3
00:00:08,790 --> 00:00:09,870
previous video.

4
00:00:10,350 --> 00:00:16,320
So there is one more amazing website to practice SQL injection, which is called game dot com.

5
00:00:16,650 --> 00:00:21,700
So you can visit this website and you can perform SQL injection labs for free.

6
00:00:22,170 --> 00:00:26,140
So, SQL injection is what we are going to do.

7
00:00:26,260 --> 00:00:31,920
Here, the correct username and password are given on the website itself, which is admin.

8
00:00:32,310 --> 00:00:36,660
The username is admin and the password is admin

9
00:00:36,660 --> 00:00:37,580
123.

10
00:00:38,370 --> 00:00:44,580
So you will have to go down; here you will see the code in which you will be able to see the query as

11
00:00:44,580 --> 00:00:44,910
well.

12
00:00:45,270 --> 00:00:49,130
So you just have to run this so that you will see the application.

13
00:00:49,740 --> 00:00:52,200
So there is some error.

14
00:00:53,310 --> 00:00:55,080
You will have to go up again.

15
00:00:55,110 --> 00:01:01,910
OK, so here is how the login screen looks like: username and password. So at the place of username,

16
00:01:01,920 --> 00:01:08,100
I am trying to put admin as a username, and at the place of password I am trying

17
00:01:09,250 --> 00:01:17,770
some random thing, let's say abcdef. So let's copy this thing and try to paste it

18
00:01:17,770 --> 00:01:20,050
over here and click on login.

19
00:01:20,440 --> 00:01:22,600
So it says user not found.

20
00:01:22,810 --> 00:01:28,230
So when you try with any random username and password, you are going to see this screen.

21
00:01:28,540 --> 00:01:34,810
So that is one drawback of this thing, that you will have to reload it if you want to do the whole process

22
00:01:34,810 --> 00:01:35,250
again.

23
00:01:35,680 --> 00:01:39,970
So I am again going to run the application.

24
00:01:39,970 --> 00:01:45,100
I copied the correct credential because I want to see how the screen looks like

25
00:01:45,100 --> 00:01:49,930
if I enter in the correct password. I'm just going to type admin

26
00:01:49,930 --> 00:01:50,830
123.

27
00:01:51,280 --> 00:01:55,570
Copy this and I'm going to paste it over here and hit login.

28
00:01:55,600 --> 00:02:02,430
So when you put the correct credential you will be able to see the screen, which is hello admin.

29
00:02:03,010 --> 00:02:05,800
So I am again going to try login now.

30
00:02:05,800 --> 00:02:07,510
I'm trying to bypass it.

31
00:02:07,510 --> 00:02:12,550
So I put at the place of username admin, and at the place of password

32
00:02:12,550 --> 00:02:17,140
I'm going to try this thing, what we have learned in the previous video.

33
00:02:23,420 --> 00:02:32,510
abc, single quote close, or one equals one. I make sure that I am not putting the closing single quote

34
00:02:32,720 --> 00:02:38,610
at the place of one because I am assuming it has already been put there by the developer.

35
00:02:39,080 --> 00:02:44,440
So this is how I performed SQL injection and I was able to log in into the application.

36
00:02:44,440 --> 00:02:44,750
The order.

37
00:02:44,800 --> 00:02:48,110
If you scroll down, you will be able to see the standard output.

38
00:02:48,120 --> 00:02:50,050
But already we have tried.

39
00:02:50,480 --> 00:02:57,620
So with the query you will be able to see that our query is perfectly balanced, our payload is perfectly

40
00:02:57,620 --> 00:03:03,890
balanced into the query, and it is allowing us to enter into the application with the help of this query.

41
00:03:04,220 --> 00:03:10,580
If you want to do further labs, you can click on next SQL injection lab and you can do the processing.

42
00:03:11,890 --> 00:03:18,880
OK, so I copied the query from there, I pasted it over here onto Sublime, and let's break it down

43
00:03:18,880 --> 00:03:21,700
to understand what happened exactly at the back.

44
00:03:21,700 --> 00:03:29,050
And so username equals admin has given us true because we have seen that admin user does exist in

45
00:03:29,050 --> 00:03:30,100
the user table.

46
00:03:30,580 --> 00:03:37,000
Password equals abc is going to give us false because we don't know the correct password. Or one equals

47
00:03:37,000 --> 00:03:40,480
one: or one equals one is going to give us

48
00:03:40,480 --> 00:03:40,840
true.

49
00:03:41,260 --> 00:03:48,790
So if we do further processing: true and false is false; false or true is going to give you true.

50
00:03:48,820 --> 00:03:51,920
And this is how you are logged in into the application.

51
00:03:51,940 --> 00:03:53,770
I hope you understood this.

52
00:03:54,370 --> 00:03:55,570
Thank you so much.