SQL Injections are scary!! (hacking tutorial for beginners)

Published 2022-10-05
Is your password for sale on the Dark Web? Find out now with Dashlane: www.dashlane.com/networkchuck50 (Use code networkchuck50 to get 50% off)

In this video, we're learning one of the oldest, yet most dangerous, hacking techniques out there: SQL Injection. Despite SQL Injections being over 20 years old, they still rank number 3 on the OWASP Top 10 list. Why? Even Fortune 500 companies are still vulnerable to these attacks!! So, in this video, NetworkChuck will show you how to run an SQL Injection attack. Running a basic SQL Injection attack is pretty easy, but it often becomes more complex with trickier targets.

Stuff from the Video
---------------------------------------------------
TARGET SITE (Altoro Mutual): demo.testfire.net/index.jsp
MORE practice: play.picoctf.org/practice/challenge/304?page=1&sea…
How to protect against SQL Injection attacks: www.crowdstrike.com/cybersecurity-101/sql-injectio…


🔥🔥Join Hackwell Academy: ntck.co/NCAcademy



**Sponsored by Dashlane







SUPPORT NETWORKCHUCK
---------------------------------------------------
➡️NetworkChuck membership: ntck.co/Premium
☕☕ COFFEE and MERCH: ntck.co/coffee

Check out my new channel: ntck.co/ncclips

🆘🆘NEED HELP?? Join the Discord Server: discord.gg/networkchuck

STUDY WITH ME on Twitch: bit.ly/nc_twitch

READY TO LEARN??
---------------------------------------------------
-Learn Python: bit.ly/3rzZjzz
-Get your CCNA: bit.ly/nc-ccna

FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: www.instagram.com/networkchuck/
Twitter: twitter.com/networkchuck
Facebook: www.facebook.com/NetworkChuck/
Join the Discord server: bit.ly/nc-discord

0:00 ⏩ Intro
0:39 ⏩ Sponsor - Dashlane
1:43 ⏩ How Websites work with Databases
2:08 ⏩ What is a SQL Injection??
2:51 ⏩ Strings in SQL Queries
3:25 ⏩ Is a website vulnerable to SQL Injection?
4:14 ⏩ SQL Query Logic
4:45 ⏩ the OR SQL Injection Payload
7:13 ⏩ the COMMENT SQL Injection Payload
8:42 ⏩ how to protect against SQL Injections




AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: geni.us/L6wyIUj
Amazon Affiliate Store: www.amazon.com/shop/networkchuck
Buy a Raspberry Pi: geni.us/aBeqAL
Do you want to know how I draw on the screen?? Go to ntck.co/EpicPen and use code NetworkChuck to get 20% off!!



#sqlinjection #owasptop10 #sqli

All Comments (21)
  • I know the website was made vulnerable on purpose but I feel like a legend right now 😂
  • @jayaghute-zz3vw
    Congratulations on your efforts to combat scammers, Adrian Ruthnik. Protecting the public from fraudsters is a noble endeavor, and your work deserves high praise.
  • The video tutorial kept glitching on me, but thank you for it. Also, thank you, Adrian Ruthnik. Meeting you was a blessing in disguise. Keep up the good work; many people will need your help in the future.
  • @mithunparmar382
    As a Maldivian living in the UK, I despise these scammers. It warms my heart to see efforts like Adrian Ruthnik's. Keep up the excellent work.
  • @nFire
    As a computer science engineer I really thank you for your work here on YouTube. Your ability to make people understand cyber security is unique, passionate and wonderful. Thank you from the bottom of my heart. - An 🇮🇹 engineer
  • @ProGamer-oi4pk
    Adrian Ruthnik, your clarity in explaining complex topics and managing multiple aspects of the process is truly exceptional. Your work is nothing short of outstanding.
  • @ajaysidar7492
    The efficiency of Adrian Ruthnik is next level. Managing walkthroughs from various angles with such clarity is remarkable. Making complex topics easy to understand is really something. Awesome work!
  • When I started watching your videos I was a security guard making about $13/hr. Last year I became the lead help desk tech at my community hospital and made over $60k. I only have some community college credits and the A+ cert. IT has changed my life!! I highly recommend this field. Now I'm working on the Sec+ and getting ready for Tier 2 opportunities. Thank you for the inspiration over the years! cheers ☕
  • @jiminietimber
    We just covered this in class. This was explained SO WELL.
  • For the bonus question, it is possible to login without knowing the username by using the following input: ' or 1=1-- This query returns the first user in the database as validation for the username field, because 1 does in fact equal 1, while ignoring the request for a password due to the comment at the end.
  • That visual on the SQL query REALLY helped me understand this concept. I can't thank you enough for this
  • @tiqo8549
    I've built a ton of login systems with PHP/SQL. I had to learn the hard way that it was not so easy. You explained it in a way that just takes 10 minutes for a starting backend programmer to review his code. There are plenty of ways to prevent this all from happening... you just have to know where to start. Thank you for the explanation!
  • @TimberWolfCLT
    I love the way that you explained this. I'm retired now but was a software engineer and was always getting the "deer in the headlights" look from other developers when I'd warn about SQL injection.
  • @ancestrall794
    It's really nice that you offer a lab for people to practise, it really feels rewarding to achieve it even if this is just the basics of SQL injections, it's satisfying (+ apparently the website told me I received 80000$ so I'm pretty comfortable right now)
  • One of the reasons I love this guy's work. Explains everything so well and still gives us a site to practice on
  • One of the things that I use when coding an OS login system, is having the client send the Username and Password string to a server, and having the server lookup the Username string's ID and then going into a datastore with the key of the UsernameID and pairing it with the password string stored. This prevents attacks because it doesn't use Usernames to get the password pair, it has to lookup the string and find an ID in order for it to find a pair.
  • @lilybohr
    As a computer science student all of your videos have been really helpful. But this one came just at the right time because I'm doing a database class right now and learning about SQL.
  • @ChrisRid
    I loved that demo, what an awesome idea and a great way for people to get involved and try things out in a safe and responsible way. Made me smile :)
  • @stevecochrane9531
    Thx! As a programmer, I usually escape quotes and other characters. Essentially, when a user adds a quote, in the username or password field, it is removed before the query is run. Using NoSQL databases can help prevent SQL injections, too.
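The two comments above (the `' or 1=1--` bonus answer and the quote-stripping defence) can be checked side by side. The block below is an added example, not code from the video, its linked sites, or any commenter; it assumes nothing beyond Python's built-in `sqlite3` module and uses a constructed in-memory `users` table with two made-up rows. It builds the same login query three ways: concatenated (the vulnerable pattern the video demonstrates), with quotes stripped (the last commenter's approach), and with bound parameters (the fix the OWASP and CrowdStrike guidance recommends).

```python
import sqlite3

# Constructed sample data for the demo only. Real systems store password
# hashes, never plaintext; plaintext is used here so the query logic is visible.
SAMPLE_USERS = [("jsmith", "demo1234"), ("admin", "correct-horse")]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """User input is pasted straight into the SQL text.

    With username = "' or 1=1--" the statement becomes
      SELECT username FROM users WHERE username = '' or 1=1--' AND password = '...'
    The quote closes the string, 'or 1=1' is always true, and '--' comments out
    the password check, so the first row in the table is returned.
    """
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_strip_quotes(conn, username, password):
    """The quote-removal approach from the comment above.

    Removing single quotes stops this particular payload because the attacker
    can no longer break out of the string literal. It only covers the
    characters the developer thought of, so it is a narrower guarantee than
    parameterisation, which never mixes data into the SQL text at all.
    """
    safe_user = username.replace("'", "")
    safe_pass = password.replace("'", "")
    return login_vulnerable(conn, safe_user, safe_pass)


def login_parameterized(conn, username, password):
    """Bound parameters: the driver sends the values separately from the SQL.

    A quote or '--' inside the value is just bytes compared against the
    column; it can never change the shape of the statement.
    """
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def compare(payload_user="' or 1=1--", payload_pass="anything"):
    """Run the same credentials through all three versions and report who logs in."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, payload_user, payload_pass),
        "strip_quotes": login_strip_quotes(conn, payload_user, payload_pass),
        "parameterized": login_parameterized(conn, payload_user, payload_pass),
    }


if __name__ == "__main__":
    for variant, who in compare().items():
        print(f"{variant:14s} -> {'logged in as ' + who if who else 'rejected'}")
```

Running the script shows the concatenated version logging in as `jsmith` (the first row) with no valid credentials, exactly as the bonus-question comment describes, while both the quote-stripping and the parameterized versions reject the input. The difference between the last two is what they promise: stripping quotes blocks the one trick you anticipated, whereas parameterization removes the whole class of problem because the database never parses user data as SQL.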