1.4 Lab: SQL injection UNION attack, finding a column containing text | 2023

This lab contains a SQL injection vulnerability in the product category filter, so you can use a UNION attack to retrieve data from other tables. To construct an attack, you need to determine the number of columns, then identify a column that is compatible with string data and perform a SQL injection UNION attack that returns an additional row containing the value provided | Karthikeyan Nagaraj

Karthikeyan Nagaraj
2 min read · Nov 23, 2023

Description

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables. To construct such an attack, you first need to determine the number of columns returned by the query. You can do this using a technique you learned in a previous lab. The next step is to identify a column that is compatible with string data.

The lab will provide a random value that you need to make appear within the query results. To solve the lab, perform a SQL injection UNION attack that returns an additional row containing the value provided. This technique helps you determine which columns are compatible with string data.

Solution

  1. Use the technique from the previous lab to find the number of columns.
  2. We found that there are 3 columns, so we have to put a random string in each column separately.
  3. Replace the NULL in the 1st column with any string; if it throws an error, put that string in place of the next NULL.
  4. If it doesn’t show an error, replace your string with “DV9wEp”, or whichever string is given to you at the top of the lab, and hit Enter.
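
The same category filter seen from the application side, as an added example that is not part of the original post or the lab's own code: a concatenated query next to its parameterized form, run against the kind of input the steps above describe. The table, the function names and the input string are constructed for illustration and assume the second of the three columns holds text; SQLite stands in for the lab's database.

```python
import sqlite3

MARKER = "DV9wEp"  # value quoted in the walkthrough; the lab issues a random one
# Constructed input: three columns, marker in the second (assumed to be text).
PROBE = "Gifts' UNION SELECT NULL, '" + MARKER + "', NULL--"


def make_db():
    """Constructed stand-in for the lab's product table (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price INTEGER, category TEXT);
        INSERT INTO products VALUES (1, 'Gift box', 10, 'Gifts');
        INSERT INTO products VALUES (2, 'Desk lamp', 25, 'Lighting');
    """)
    return db


def filter_vulnerable(db, category):
    # The request value becomes part of the SQL text, so a quote inside it
    # ends the string literal and everything after it is parsed as SQL.
    sql = "SELECT id, name, price FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()


def filter_parameterized(db, category):
    # The value is bound as data; it cannot change the statement's structure.
    sql = "SELECT id, name, price FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()


def has_marker(rows):
    """True if any returned row carries the marker value."""
    return any(MARKER in row for row in rows)


if __name__ == "__main__":
    db = make_db()
    # SQLite does not enforce column types across a UNION, so the
    # error-on-mismatch behaviour from step 3 is not reproduced here.
    print("vulnerable:   ", filter_vulnerable(db, PROBE))
    print("parameterized:", filter_parameterized(db, PROBE))
```

With the parameterized query the whole input is compared against `category` as one literal string, so no product matches and no extra row is appended.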

If you would like to support me so that I can create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials
