Introduction
Hello, everyone. How are you all doing? This is our 8th article on SQL injection. In this article, we will cover the PortSwigger Web Security Lab – SQL injection attack querying the database type and version on Oracle. We will cover this lab completely with practical examples and screenshots.
Lab Description
This lab has an SQL injection vulnerability in the product category filter. We can retrieve data using a UNION attack.
In this lab, we simply need to find the version of the database.
Lab Solution
First, access the lab. After accessing the lab, filter the product category. In my case, I am clicking on “pets” and will perform the SQL injection from there.
In the screenshot above, you can see that the database we are dealing with is an Oracle Database.
To find the version of Microsoft SQL Server or MySQL, we use SELECT @@version. To find the version of Oracle, we use SELECT * FROM v$version. And to find the version of PostgreSQL, we use SELECT version().
In this case, we have an Oracle Database, so we will use SELECT * FROM v$version.
Example of a UNION attack:
' UNION SELECT * FROM v$version--)After accessing the lab,
I first used a single quote (‘) at the end of the URL to see if I would get an error. Now I’m sure that there is an SQL injection vulnerability here.
Now, I need to perform a UNION attack to find the number of columns.
To exploit this database, we will use the default table name for Oracle Database, which is “DUAL.” The query will look like this:
'UNION+SELECT+NULL,NULL+FROM+DUAL--
When I performed the above SQL query, I found that the “DUAL” table has only 2 columns. In a real case, you would gradually increase the number of columns until the error is resolved and you see results. That’s how you determine the number of columns.
Next, we will test which column accepts string values.
'+UNION+SELECT+'abc','def'+FROM+dual--
Both columns are accepting string values, so now we will find the version using one of these columns.
'+UNION+SELECT+BANNER,+NULL+FROM+v$version--
After performing the above query, you can see that we have successfully solved the PortSwigger Web Security Lab – SQL injection attack querying the database type and version on Oracle.
You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.
To continue studying check out the next lab i.e. SQL Injection Attack Querying The Database Type And Version On MySQL And Microsoft, cover the current lab before visiting the next lab. Good Luck!
FAQS
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.
Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.
It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.
Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.
