Portswigger - NoSQL injection - Lab #1 Detecting NoSQL injection скачать в хорошем качестве
Portswigger - NoSQL injection - Lab #1 Detecting NoSQL injection
2 года назад
Не удается загрузить Youtube-плеер. Проверьте блокировку Youtube в вашей сети.
Повторяем попытку...
Повторяем попытку...
Скачать видео с ютуб по ссылке или смотреть без блокировок на сайте: Portswigger - NoSQL injection - Lab #1 Detecting NoSQL injection в качестве 4k
У нас вы можете посмотреть бесплатно Portswigger - NoSQL injection - Lab #1 Detecting NoSQL injection или скачать в максимальном доступном качестве, видео которое было загружено на ютуб. Для загрузки выберите вариант из формы ниже:
-
Информация по загрузке:
Скачать mp3 с ютуба отдельным файлом. Бесплатный рингтон Portswigger - NoSQL injection - Lab #1 Detecting NoSQL injection в формате MP3:
Если кнопки скачивания не
загрузились
НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если возникают проблемы со скачиванием видео, пожалуйста напишите в поддержку по адресу внизу
страницы.
Спасибо за использование сервиса ClipSaver.ru
Portswigger - NoSQL injection - Lab #1 Detecting NoSQL injection
Hello Hackers, in this video of Detecting NoSQL injection you will see how to exploit and discover NoSQL injection vulnerabilities in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:42 - Exploit NoSQL injection input 5:18 - Bypass the filter using Boolean condition 🔍 About the Lab Lab: Detecting NoSQL injection Level: Apprentice This lab has a product category filter for this lab is powered by a MongoDB NoSQL database. It is vulnerable to NoSQL injection. To solve the lab, perform a NoSQL injection attack that causes the application to display unreleased products. ✅ What to do ? 1. In Burp's browser, access the lab and click on a product category filter. 2. In Burp, go to Proxy, then HTTP history. Right-click the category filter request and select Send to Repeater. 3. In Repeater, submit a ' character in the category parameter. Notice that this causes a JavaScript syntax error. This may indicate that the user input was not filtered or sanitized correctly. 4. Submit a valid JavaScript payload in the value of the category query parameter. You could use the following payload: Gifts'+' Make sure to URL-encode the payload by highlighting it and using the Ctrl-U hotkey. Notice that it doesn't cause a syntax error. This indicates that a form of server-side injection may be occurring. 5. Identify whether you can inject boolean conditions to change the response: 5.1. Insert a false condition in the category parameter. For example: Gifts' && 0 && 'x Make sure to URL-encode the payload. Notice that no products are retrieved. 5.2. Insert a true condition in the category parameter. For example: Gifts' && 1 && 'x Make sure to URL-encode the payload. Notice that products in the Gifts category are retrieved. 6. Submit a boolean condition that always evaluates to true in the category parameter. For example: Gifts'||1||' 7. Right-click the response and select Show response in browser.) 8. Copy the URL and load it in Burp's browser. Verify that the response now contains unreleased products. The lab is solved. Thank you for watching my video, if you have any questions or any topics recommendation feel free to write them on the comment below 🙋 #WebSecurityAcademy #portswigger #nosql #vulnerability
Comments
![Почему работает теория шести рукопожатий? [Veritasium]](https://imager.clipsaver.ru/ggI1xKzoANs/max.jpg)
