1
00:00:00,060 --> 00:00:01,870
Hello and welcome to this video.

2
00:00:02,100 --> 00:00:08,640
In this video, we are going to see practically what we have seen in the previous video about the logic

3
00:00:08,640 --> 00:00:10,200
of SQL injection.

4
00:00:12,480 --> 00:00:19,590
You can visit this amazing website, that is planning dot com, wherein you'll get amazing labs.

5
00:00:21,510 --> 00:00:27,660
These labs are made intentionally vulnerable so that you can practice on them and you can prepare yourself

6
00:00:27,660 --> 00:00:30,130
to get into real bug bounty hunting.

7
00:00:30,390 --> 00:00:31,810
So let's get started.

8
00:00:32,550 --> 00:00:40,980
Once you visit this website, that is planning dot com, you can scroll down and you'll see this SQL

9
00:00:40,980 --> 00:00:41,640
injection.

10
00:00:41,640 --> 00:00:44,030
You have to select this SQL injection.

11
00:00:44,700 --> 00:00:51,120
So this application says this is the one vulnerable application we will be trying to hack with the SQL

12
00:00:51,120 --> 00:00:52,090
injection attack.

13
00:00:54,180 --> 00:01:01,530
So we will be doing all the steps as suggested in this vulnerable lab, so here is the application log

14
00:01:01,530 --> 00:01:02,760
which we will get to see.

15
00:01:04,240 --> 00:01:10,210
So the first thing is to go ahead and try to log in with the following credentials; the credentials

16
00:01:10,210 --> 00:01:15,690
are user@email.com, and at the place of password you need to enter "password".

17
00:01:16,060 --> 00:01:20,470
So let's enter both these fields and see what happens.

18
00:01:21,880 --> 00:01:23,560
At the place of password,

19
00:01:24,940 --> 00:01:26,140
type "password".

20
00:01:27,530 --> 00:01:28,490
Hit Log-in.

21
00:01:29,910 --> 00:01:36,990
So it is an unknown email or password, so the second step is to guess the password because the previous

22
00:01:36,990 --> 00:01:38,550
password didn't work there.
23
00:01:38,890 --> 00:01:45,210
So it says that for the email, put the same email address, that is user@email.com, and

24
00:01:45,210 --> 00:01:48,030
at the place of password again type "password".

25
00:01:48,300 --> 00:01:53,520
But if you notice closely, there is one single quote at the end.

26
00:01:53,530 --> 00:01:58,400
So we are going to enter "password" and then a single quote, and log in.

27
00:01:59,310 --> 00:02:03,540
So it says the application crashed with an unexpected error.

28
00:02:03,570 --> 00:02:04,960
So what does this mean?

29
00:02:05,280 --> 00:02:11,730
So when an application gives you some error regarding the syntax, you should be very happy because

30
00:02:12,390 --> 00:02:17,940
there might be a chance that the application might be vulnerable to SQL injection.

31
00:02:19,310 --> 00:02:22,670
So now let's see what happens in the logs window.

32
00:02:23,840 --> 00:02:31,730
And also it seems that there is some syntax error due to the "password" and single quote which we added

33
00:02:31,730 --> 00:02:38,750
at the end in the input field of the password, due to which the syntax of the query is messed up and

34
00:02:38,750 --> 00:02:40,560
created some syntax error.

35
00:02:40,850 --> 00:02:42,350
So let's see what it is.

36
00:02:44,260 --> 00:02:50,330
If you see this very closely, it's the same query that we have discussed in the previous videos.

37
00:02:50,330 --> 00:02:55,700
So SELECT * FROM users; users is the name of the table there.

38
00:02:55,840 --> 00:03:02,800
email is the name of the column where we have passed user@email.com, and AND is a logical

39
00:03:02,800 --> 00:03:03,390
operator.

40
00:03:03,400 --> 00:03:08,330
WHERE password equals password, single quote.

41
00:03:08,380 --> 00:03:15,970
This is what we have added at the place of password, due to which the syntax error has occurred.
42
00:03:17,600 --> 00:03:24,380
So let's see this clearly: it says that there is some syntax error; again, it is saying so here in the

43
00:03:24,380 --> 00:03:27,950
code window they have made for the user's understanding.

44
00:03:27,950 --> 00:03:30,440
So let's look in the code window closely.

45
00:03:33,590 --> 00:03:40,970
So at the place of password, I'm going to again type "password" and then one extra quote so as to do

46
00:03:40,970 --> 00:03:47,330
the early closing of the query; let's see what the meaning of early closing is and what I'm trying

47
00:03:47,330 --> 00:03:47,820
to say.

48
00:03:48,050 --> 00:03:50,660
So in the next step we'll see that.

49
00:03:50,660 --> 00:03:53,090
What does early closing mean?

50
00:03:54,410 --> 00:04:00,410
So now here I am again going to log in with the same email address, and the password this time will be

51
00:04:00,410 --> 00:04:07,620
single quote, space, OR, space, one equals one, hyphen hyphen.

52
00:04:08,270 --> 00:04:15,680
So do remember that in SQL, hyphen hyphen means commenting out the rest of the part.

53
00:04:15,680 --> 00:04:21,710
Whatever part of the query remains, we can comment it out in SQL using hyphen hyphen.

54
00:04:22,950 --> 00:04:30,240
So if you had seen the code window, this is what we have typed and what the query is going to interpret:

55
00:04:30,930 --> 00:04:37,830
it is empty, then OR, which is going to behave as a logical operator here, one equals one, which

56
00:04:37,830 --> 00:04:39,660
is always a true condition.

57
00:04:39,660 --> 00:04:43,860
One's value is always equal to one; you can select anything, two equals two.

58
00:04:43,980 --> 00:04:46,810
You should select the condition which is always true.

59
00:04:47,100 --> 00:04:54,090
So the point is we have selected one equals one and commented out the rest of the part, which is hyphen

60
00:04:54,090 --> 00:04:56,010
hyphen, and try to log in.
61
00:04:56,040 --> 00:05:01,920
So now you see that without knowing the correct password, we are inside the application.

62
00:05:02,280 --> 00:05:04,770
So this is how SQL injection works.

63
00:05:06,480 --> 00:05:15,000
We tried to make the outcome of the query so that the database understands the result of the query

64
00:05:15,000 --> 00:05:18,170
is true, that means I am allowed to show the result.

65
00:05:19,080 --> 00:05:26,160
Using the leniency of the OR operator, we have spoofed the query and bypassed it without knowing

66
00:05:26,160 --> 00:05:27,320
the correct password.

67
00:05:27,330 --> 00:05:29,370
We have logged into the application.

68
00:05:29,640 --> 00:05:32,850
So this is what the fundamentals of SQL injection are.

69
00:05:32,850 --> 00:05:36,110
And this is one simple basic payload of SQL injection.

70
00:05:36,390 --> 00:05:41,760
We are going to see more payloads and more different techniques about SQL injection in the next

71
00:05:41,760 --> 00:05:42,310
videos.

72
00:05:42,750 --> 00:05:43,920
Thank you so much.
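The login query and the two inputs walked through in the video (a trailing single quote that breaks the syntax, and `' or 1=1--` that makes the WHERE clause always true), as an added example that is not part of the original video or its lab: a constructed in-memory SQLite users table, the query built by string concatenation beside a parameterized version that treats the same input as plain data. The table contents, the stored password and the function names are assumptions.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the lab's "users" table (email, password columns).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('user@email.com', 's3cretpassw0rd')")
    conn.commit()
    return conn


def vulnerable_login(conn, email, password):
    # Query assembled the way the lab's code window shows it: user input is
    # spliced straight into the SQL text, so quotes and "--" become syntax.
    query = (
        f"SELECT * FROM users WHERE email = '{email}' "
        f"AND password = '{password}'"
    )
    try:
        # True when a row matches (login succeeds), False when none does.
        return conn.execute(query).fetchone() is not None
    except sqlite3.Error:
        # A stray quote leaves the string literal unterminated: this is the
        # "application crashed with an unexpected error" from the video.
        return None


def safe_login(conn, email, password):
    # Parameterized query: the driver binds the values separately from the
    # SQL text, so "' or 1=1--" is compared against the password column as
    # a literal string and never changes the query's logic.
    query = "SELECT * FROM users WHERE email = ? AND password = ?"
    return conn.execute(query, (email, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for pw in ["password", "password'", "' or 1=1--"]:
        print(repr(pw), "vulnerable:", vulnerable_login(db, "user@email.com", pw),
              "safe:", safe_login(db, "user@email.com", pw))
```

With the concatenated query, `' or 1=1--` turns the condition into `email = '...' AND password = '' OR 1=1`, and since AND binds tighter than OR the whole clause is true for every row; the parameterized version returns False for the same input.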