1.3 Lab: SQL injection UNION attack, determining the number of columns returned by the query | 2023

This lab contains a SQL injection vulnerability in the product category filter. so you can use a UNION attack to retrieve data from other tables. You will then use this technique in subsequent labs to construct the full attack | Karthikeyan Nagaraj

Karthikeyan Nagaraj
2 min readNov 22, 2023

Description

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables. The first step of such an attack is to determine the number of columns that are being returned by the query. You will then use this technique in subsequent labs to construct the full attack.

To solve the lab, determine the number of columns returned by the query by performing a SQL injection UNION attack that returns an additional row containing null values.

Solution

  1. Click on any category Ex: Gifts and add the query like below category=Gifts’+UNION+SELECT+NULL--
  2. You have to keep adding the NULL
  3. At last, with 3 NULL value, you get to know about the column and the lab will be solved with this final payload
    ’+UNION+SELECT+NULL,NULL,NULL--

If you would like to support me so that I can create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials

--

--

Karthikeyan Nagaraj

Entrepreneur | Writer | Cyber Security Consultant | AI Researcher