1
00:00:00,300 --> 00:00:05,550
In this video, let's discuss SQL injection, or "sequel" injection.
2
00:00:06,650 --> 00:00:15,140
SQL injection is a type of vulnerability that allows attackers to execute arbitrary SQL queries
3
00:00:15,230 --> 00:00:16,190
on the database.
4
00:00:17,000 --> 00:00:23,120
This is done by making use of a vulnerable parameter in the web application, which is taking user input
5
00:00:23,120 --> 00:00:28,400
and sending it to the SQL queries dynamically without sanitizing.
6
00:00:29,240 --> 00:00:36,710
If you observe the SQL query here, it is constructed dynamically by concatenating a constant base
7
00:00:36,710 --> 00:00:39,530
query string and a user input string.
8
00:00:39,980 --> 00:00:44,880
The user input string in this case is the username as well as the password.
9
00:00:45,320 --> 00:00:52,170
These two strings are taken from the user and appended to this existing SQL query string.
10
00:00:52,880 --> 00:00:55,070
This is a bad practice and dangerous.
11
00:00:56,000 --> 00:00:58,720
This is an example of when that happens.
12
00:00:59,270 --> 00:01:05,840
If you notice there is a login page here and the user can enter username and password.
13
00:01:06,270 --> 00:01:13,310
If this user-entered input is appended to this SQL query without any sanitisation on this input,
14
00:01:13,700 --> 00:01:21,440
an attacker can take advantage of the situation to insert malicious SQL payloads instead of the
15
00:01:21,440 --> 00:01:24,490
actual username to bypass authentication.
16
00:01:25,130 --> 00:01:32,150
In addition to this, it is also possible to dump all the data from the database using this SQL injection
17
00:01:32,150 --> 00:01:32,890
vulnerability.
18
00:01:33,620 --> 00:01:40,040
What you're seeing here on the screen is a sample SQL injection payload and the execution of
19
00:01:40,040 --> 00:01:40,250
it.
20
00:01:40,880 --> 00:01:47,960
When the user enters this string as part of the username field and this string as part of the password
21
00:01:47,960 --> 00:01:52,730
field, this will get injected into the SQL query like this.
22
00:01:53,360 --> 00:02:01,460
When that happens, it gets executed like this: select star from users where the username equals one
23
00:02:02,090 --> 00:02:08,870
or one equals one and password equals one or one equals one.
24
00:02:09,770 --> 00:02:13,270
This means you're manipulating the way the query is executed.
25
00:02:13,610 --> 00:02:17,750
Ideally, this query should look for this whole string in the database.
26
00:02:18,200 --> 00:02:21,980
Instead, it is just checking if these conditions are matching or not.
27
00:02:22,550 --> 00:02:26,430
The first condition is user is one or one equals one.
28
00:02:26,480 --> 00:02:28,370
This is always going to return true.
29
00:02:29,260 --> 00:02:34,210
The second condition is password equals one or one equals one.
30
00:02:34,570 --> 00:02:40,150
Once again, one equals one is always true and thus this whole thing is going to return
31
00:02:40,150 --> 00:02:40,430
true.
32
00:02:40,690 --> 00:02:46,450
So once this query is executed, this part is going to return true as well as this part is going to return
33
00:02:46,450 --> 00:02:46,790
true.
34
00:02:47,290 --> 00:02:51,790
And if this query is used for authentication, the authentication will be bypassed.
35
00:02:52,600 --> 00:02:54,740
That's the theory behind SQL injection.
36
00:02:55,150 --> 00:03:00,930
Let's see some examples of how the SQL injection can be exploited in new applications.