Advanced SQL Injection Attack Techniques Explained by a Simulated Hacking Practitioner: PART 2

The second lecture on SQL Injection, taught by a mock hacking practitioner! The first lecture covered the basics and the core principles of attacks, while the second lecture covers technically advanced attack techniques. Therefore, taking the first lecture is a must!

(4.9) 23 reviews

469 learners

  • crehacktive
Penetration Testing
Injection

What you will learn!

  • Applied SQL Injection attack techniques

  • Advanced SQL Injection Attack Techniques

  • New Blind-Based SQL Injection

Advanced/Applied SQL Injection Attack Techniques You've Never Seen Before!
We present a new direction for mock hacking attacks.

📖 A series of SQL Injection attacks taught by a mock hacking expert!

  • PART(1): Basics / Practical Attacks / Secure Coding (previous lecture)
    This training covers the most important content in SQL Injection attacks. You can learn attack techniques used in practice, starting from the basics, along with various countermeasures and secure coding. It is a required training that serves as the basis for the subsequent ones.

  • PART(2): Applied / Advanced (current lecture)
    This training covers applied and advanced attack techniques not covered in PART(1).

  • PART(3): Making an automated tool (to be made)
    This training applies the attack techniques learned to build a Python-based automation tool.


📖 Differences between SQL Injection Part 1 & 2!

The previous lecture, Part (1), covered the basics and principles of attacks and the core theory and practice; this lecture covers the technical aspects of SQL Injection attacks. Part (1) is the backbone of this lecture, so it is recommended that you take Part (1) first and then Part (2).


📖 How have SQL Injection attacks been carried out?

If any of the items below apply to you, you can solve them quickly and easily through this lecture!

  • Have you ever been unable to attack in an environment where there are no posts on the bulletin board, or have you ever carried out a time-based attack?
  • When performing Error-Based or Union-Based attacks, did you extract data one item at a time?
  • In a Blind-Based attack, did you make at least 7 requests to infer one character?
  • Did you know that file download vulnerability attacks are possible against a file download function linked to a database?
  • Did you know that data retrieval via Union-Based attacks is possible against a file download function linked to a DB?


💡 Why you absolutely must take this course!

This lecture covers not only well-known attack techniques, but also techniques that we discovered through our own research. This attack technique presents a new direction for Blind-Based SQL Injection attacks!

The lecture also covers how this attack technique can be used to query data faster and more effectively than previously known attack techniques!

So... practitioners must definitely take this course, right!?


📖 Provides PHP-based practice bulletin boards for each DBMS!

We provide practice bulletin boards based on PHP-MYSQL, PHP-MSSQL, and PHP-ORACLE, so you can practice SQL Injection against each DBMS.


🙋🏻‍♂️ Q&A

Q. Can I understand the Part (2) lecture if I haven't taken the Part (1) lecture?
A. I highly recommend that you take the Part (1) lecture. I also recommend that you take this lecture after you have a sufficient understanding of SQL Injection attacks. If you have not taken Part (1) but have sufficient knowledge of SQL Injection attacks, there will be no major problems in taking Part (2), but there may be terms or content that you are not familiar with, so I recommend that you take Part (1) if possible.

Q. Is this an attack technique that can be applied directly in practice?
A. Yes, of course! It can be applied immediately, and attacks can be carried out more efficiently than with existing techniques.

Q. Is there any information about countermeasures?
A. No, there isn't. For the countermeasures, please refer to the Part (1) lecture.


💡 Must-see lectures

Basic SQL Grammar for Successful SQL Injection Attacks
Basic Steps to Learn SQL Injection Attacks
SQL Injection Attack Techniques and Secure Coding: PART 1
SQL Injection Core Lecture! The Basics and Principles of Attacks!

※ Nanum font provided by Naver is used in this training PPT.

Who is this course right for?

  • Someone who has basic knowledge of SQL Injection

  • Anyone who is confident about SQL Injection attacks

  • For those who want to know more about SQL Injection attacks

  • Anyone who wants to make SQL Injection attacks faster

Need to know before starting?

  • SQL Basic Grammar

  • SQL Injection Basic Knowledge

  • Understanding SQL Injection Attacks

Hello
This is

Learners: 25,752 ∙ Reviews: 1,344 ∙ Answers: 497 ∙ Rating: 4.9 ∙ Courses: 18

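:: Employed at a Korean information security solution development company ::
- App anti-tampering solution: responsible for middleware / hacking competition staff / built a well-known Korean hacking/defense training ground

:: Employed at a Korean information security specialist firm ::
- Black-box penetration testing / scenario-based penetration testing / web vulnerability assessment / mobile vulnerability assessment / source code vulnerability assessment / APT simulation exercises / DDoS simulation exercises / infrastructure assessment / smart home appliance assessment
- Assessments for many large Korean enterprises and small and medium-sized businesses

:: External training and activities ::
- Multicampus, National Security Technology Research Institute (ETRI)
- Korean information security company: currently running "Advanced Web Penetration Testing Training" for employees
- Challenge author for Hacker Factory

:: Vulnerabilities discovered ::

1) Web Application Server vulnerabilities
- TMAX JEUS: Remote Command Execution Vulnerability
- IBM WebSphere (CVE-2020-4163): Remote Command Execution Vulnerability

2) CMS (Contents Management System) vulnerabilities
- Naver SmartEditor: file upload vulnerability
- Gnuboard: SQL Injection, file upload vulnerability (Gnuboard4, Gnuboard5), XSS ...
- KimsQ: parameter tampering vulnerability, file upload vulnerability

* Email: crehacktive3@naver.com
* Blog: http://www.crehacktive.co.kr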

Curriculum

85 lectures ∙ (14hr 43min)

Course Materials:

Lecture resources

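Reviews

23 reviews ∙ 4.9

  • 정두화 (Reviews 3, Average Rating 5.0): rated 5, 31% enrolled

  • 고영훈 (Reviews 1, Average Rating 5.0): rated 5, 31% enrolled

  • qwerty (Reviews 18, Average Rating 4.8): rated 5, 55% enrolled
    Part 2 definitely has a more advanced feel. And now that the environment setup is complete, it's fun. As I also wrote in my Part 1 review, when it comes to lecture quality and learning content, this instructor really is number one in Korea. Knowing a lot doesn't mean you teach well. Among the people who aren't that well known, there are a few geniuses in Korea who are top-tier instructors, and in the web hacking field this instructor seems to be one of them. For web hacking, I think you could finish your job preparation with just this instructor's videos. After I watch the rest of the lectures, I'll go through Part 1 a second time and Part 2 a second time as well.

  • sim_sw (Reviews 4, Average Rating 5.0): rated 5, 100% enrolled
    It was good.

  • Hong David (Reviews 1, Average Rating 3.0): rated 3, 100% enrolled
    I'm working hard through the lectures.

$127.60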
