1
00:00:06,590 --> 00:00:07,940
- Let's go over the different types

2
00:00:07,940 --> 00:00:11,580
of sequel injection attacks or SQL injection attacks.

3
00:00:11,580 --> 00:00:13,810
There are three main categories.

4
00:00:13,810 --> 00:00:16,530
In-band, inferential, and out-of-band.

5
00:00:16,530 --> 00:00:18,940
So starting with in-band, basically that's when

6
00:00:18,940 --> 00:00:23,940
the attacker used the same channel to launch their attacks

7
00:00:24,820 --> 00:00:26,360
and to gather their results, y'know,

8
00:00:26,360 --> 00:00:28,090
with the web application, right?

9
00:00:28,090 --> 00:00:31,220
And in this case, attacker can manipulate the database

10
00:00:31,220 --> 00:00:34,200
or manipulate the application to cause some changes

11
00:00:34,200 --> 00:00:36,330
in the database or to obtain records

12
00:00:36,330 --> 00:00:40,530
from the database, or delete records, and so on.

13
00:00:40,530 --> 00:00:44,510
Now there's a second category called inferential

14
00:00:44,510 --> 00:00:45,940
or blind SQL injection.

15
00:00:45,940 --> 00:00:49,830
You hear this a lot as blind SQL injection,

16
00:00:49,830 --> 00:00:51,790
and this is actually when the attacker basically

17
00:00:51,790 --> 00:00:55,760
sends the payload to the server, and to the web application

18
00:00:55,760 --> 00:00:58,650
and then observes the response and the behavior

19
00:00:58,650 --> 00:01:02,050
of the application to learn more about the structure

20
00:01:02,050 --> 00:01:05,040
and the underlying technologies and the, y'know

21
00:01:05,040 --> 00:01:08,090
underlying ecosystem of the application.

22
00:01:08,090 --> 00:01:09,980
This is called blind SQL injection

23
00:01:09,980 --> 00:01:12,350
because the data is actually not transferred back

24
00:01:12,350 --> 00:01:16,560
from the web application, or the database, to the attacker,

25
00:01:16,560 --> 00:01:18,770
and the attacker cannot see information about the attack.

26
00:01:18,770 --> 00:01:22,430
However, it can definitely manipulate the database

27
00:01:22,430 --> 00:01:24,840
and it can potentially even delete records,

28
00:01:24,840 --> 00:01:27,040
modify records, and so on.

29
00:01:27,040 --> 00:01:29,990
Now there's a third category which is

30
00:01:29,990 --> 00:01:32,500
the out-of-band attack, right?

31
00:01:32,500 --> 00:01:36,120
The out-of-band sequel injection, or SQL injection attack,

32
00:01:36,120 --> 00:01:38,100
and this is where the attacker can only carry

33
00:01:38,100 --> 00:01:40,870
out this form of attack when certain features

34
00:01:40,870 --> 00:01:44,360
are enabled on the database server and then used, y'know

35
00:01:44,360 --> 00:01:47,860
by the web application and then basically the attacker

36
00:01:47,860 --> 00:01:51,040
can manipulate that, y'know, vulnerable application.

37
00:01:51,040 --> 00:01:53,100
I'm gonna put W1 for, y'know,

38
00:01:53,100 --> 00:01:55,060
web application one, in here.

39
00:01:55,060 --> 00:01:57,720
And then that application can send

40
00:01:57,720 --> 00:02:01,400
and interact with another system, and I'm just gonna call it

41
00:02:01,400 --> 00:02:04,860
X in here, that the attacker can potentially, y'know,

42
00:02:04,860 --> 00:02:09,860
manipulate and obtain information from that web application.

43
00:02:10,070 --> 00:02:12,930
So from the vulnerable web applications that typically,

44
00:02:12,930 --> 00:02:16,470
the second system is controlled by the attacker

45
00:02:16,470 --> 00:02:18,410
and the attacker can manipulate the application

46
00:02:18,410 --> 00:02:22,520
to send that information to the out-of-band

47
00:02:22,520 --> 00:02:24,520
secondary system.

48
00:02:24,520 --> 00:02:28,450
So those are the general three types of SQL injection

49
00:02:28,450 --> 00:02:32,610
or sequel injection attacks: in-band, inferential or

50
00:02:32,610 --> 00:02:35,193
blind SQL injection, and out-of-band.