
SQL injection attack querying the database type and version on MySQL and Microsoft

Introduction

Hello, friends. How are you all doing? This is our 9th article on SQL Injection. In this article, we will cover the PortSwigger Web Security lab on SQL injection attacks querying the database type and version on MySQL and Microsoft, from basic to advanced levels, with practical examples.

Lab Description


In this lab, we have been given an application with SQL Injection vulnerabilities. The SQL Injection vulnerability exists in the product category filter. We can retrieve data using injected queries by performing a UNION attack.

To solve the lab, we first need to find the database version.

Lab Solution

First, access the lab. After accessing the lab, apply a filter to any category. In my case, I selected “Pets” and will search for SQL injection vulnerabilities within it.

Access the following URL: https://0ad100b30457ef688254380300fc0005.web-security-academy.net/filter?category=Gifts

After accessing the lab, the most important task is to confirm the SQL injection vulnerability. Add a single quote (') after "Gifts" and an error will be displayed, which means the application is vulnerable to SQL injection. %27 is the URL-encoded form of a single quote (').


Now, we will find the columns within the table. We need to determine the number of columns present.

Use the following UNION SELECT statement:

'+UNION+SELECT+NULL,NULL#

I have successfully determined that there are only 2 columns in this ca


Next, we will check if both columns accept string values or not.

Use the following UNION SELECT statement:

'+UNION+SELECT+'abcd','12345'#

Both columns are accepting string values. Now, it’s time to find the database version.

Use the following UNION SELECT statement:

'+UNION+SELECT+@@version,+NULL#

To find the database version, we use @@version in place of the first NULL value.

As you can see, we have successfully solved the PortSwigger Web Security lab on SQL injection attack querying the database type and version on MySQL and Microsoft.
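
For the defensive side of this lab, the following added example (not part of the original article or the lab's own code) shows why a category filter built by string concatenation accepts the probes above, and how a parameterized query closes the hole. It uses Python with an in-memory SQLite database as a stand-in for the lab's back end; the table, column and function names are assumptions, and the `#` comment is replaced with `--` because SQLite does not support `#`.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption, not the lab's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, description TEXT, category TEXT)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Teddy bear", "Soft toy", "Gifts"), ("Dog lead", "Nylon, 2 m", "Pets")],
    )
    return db

def filter_vulnerable(db, category):
    # The request parameter is pasted into the SQL text, so a quote in it
    # ends the string literal and whatever follows is parsed as SQL.
    sql = "SELECT name, description FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()

def filter_parameterized(db, category):
    # The value is bound separately from the statement, so it is only ever
    # compared against the category column as data.
    sql = "SELECT name, description FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

def breaks_query(fn, db, category):
    # True when the input produces a SQL error, which is the behaviour the
    # article's single-quote check relies on.
    try:
        fn(db, category)
        return False
    except sqlite3.OperationalError:
        return True

# The article's string-column probe, URL-decoded, with '--' instead of '#'.
PROBE = "' UNION SELECT 'abcd','12345'--"

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("concatenated", filter_vulnerable),
                      ("parameterized", filter_parameterized)):
        print(label, "| Gifts  ->", fn(db, "Gifts"))
        print(label, "| Gifts' -> SQL error:", breaks_query(fn, db, "Gifts'"))
        print(label, "| probe  ->", fn(db, PROBE))
```

With the parameterized version, the quote and the UNION probe are treated as an unusual category name that matches no rows, so there is no error to observe and no extra row in the response.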

You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.

To continue studying, check out the next lab, SQL Injection Attack Listing The Database Contents On Non-Oracle Databases. Complete the current lab before moving on to the next one. Good luck!

FAQs

What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.
