Automating Boolean SQL Injection and Evading Filters
00:00 - Talking about why I like SQL Boolean Injection
01:47 - Opening up the source code to the web app
02:00 - Snyk sponsor segment, talking about how it can find and fix vulnerabilities in your code in real time
04:30 - Demonstrating validating boolean injection with an or statement
07:00 - Showing a small Python client I made for this video to play with the SQL Injection, then showing subqueries
09:20 - Showing how to enumerate columns in the database via brute-force guessing because we can’t use information_schema
11:25 - Going over the LIMIT statement so we can control which row we are looking at, then showing LIMIT 2 offset 1 is the same as LIMIT 1,1
15:00 - Showing the SUBSTR command so we can guess individual characters in a column/row
17:05 - Talking about converting a string to a number in MySQL, which makes it possible to guess bad characters
21:45 - Start of creating our script, talking about the 3 functions we need, t