SQL injection UNION attack finding a column containing text

Introduction

Hello guys, this is our 4th article on SQL Injection. In this article, we will solve the PortSwigger Web Security lab on SQL injection UNION attack, finding a column containing text, step by step.

Lab Description

This lab has an SQL injection vulnerability in the product category filter. The application's response returns the results of our injected queries. Based on this, we can perform a UNION attack to retrieve data from the tables. To perform this type of attack, we first need to find the number of columns returned by the application's query. You can use the techniques you learned in previous labs to find the number of columns. Once you determine the number of columns, you need to check which column accepts string data or values. Later, you will retrieve data from the application's database using that column.

Lab Solution

First, access the lab.

After accessing the lab, click on any product in the menu. In my case, I clicked on “Food & Drink.”

Once you click on “Food & Drink,” we will find the number of columns. To do this, we will try the following UNION attack:

'+UNION+SELECT+NULL,NULL--

I added 2 null values, but an error occurred, indicating that there are more than 2 columns. Let’s increase it to 3.

'+UNION+SELECT+NULL,NULL,NULL--

By increasing the number of NULL values to 3, I found out that there are 3 columns. Now, let's test which column accepts string values.

In the lab, we were already given a string value that we need to execute in a column.

'+UNION+SELECT+'WfBLhK',NULL,NULL--

I tried this value ('+UNION+SELECT+'WfBLhK',NULL,NULL--) and found out that the first column does not accept string values. I will keep the first NULL as it is and try the string in place of the second NULL.

'+UNION+SELECT+NULL,'WfBLhK',NULL--

When I used the string in place of the second NULL ('WfBLhK'), it accepted the string value. As a result, the data was displayed, and we have successfully solved the PortSwigger Web Security lab on SQL injection UNION attack, finding a column containing text.
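To show why these probes work and what stops them, here is an added example (not code from the lab or from this article) that runs the URL-decoded probes against a string-concatenated query and against a parameterized one. The table schema, sample rows and function names are assumptions; SQLite is loosely typed, so it reproduces the column-count error but not the type error seen when the string is placed in the first column.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, price INTEGER, category TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?, ?)",
                   [(1, "Coffee", 5, "Food & Drink"), (2, "Tea", 3, "Food & Drink"),
                    (3, "Mug", 9, "Gifts")])
    return db

def search_vulnerable(db, category):
    # The input is concatenated into the SQL text, so a single quote in it
    # closes the string literal and the rest is parsed as SQL.
    sql = "SELECT id, name, price FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, category):
    # The input is bound as a value; the SQL text never changes.
    sql = "SELECT id, name, price FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

def run(search, db, category):
    """Return ('rows', rows) or ('error', message), as the application would see it."""
    try:
        return ("rows", search(db, category))
    except sqlite3.Error as exc:
        return ("error", str(exc))

# URL-decoded forms of the probes used in the walkthrough above.
PROBES = [
    "' UNION SELECT NULL,NULL--",
    "' UNION SELECT NULL,NULL,NULL--",
    "' UNION SELECT NULL,'WfBLhK',NULL--",
]

if __name__ == "__main__":
    db = make_db()
    for probe in PROBES:
        print(probe)
        print("  concatenated :", run(search_vulnerable, db, probe))
        print("  parameterized:", run(search_parameterized, db, probe))
```

With the concatenated query, the two-NULL probe raises a database error and the marker string comes back in the second column; with the bound parameter, every probe is compared as a literal category name and matches no rows.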

You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.

To continue studying, check out the next lab, SQL Injection UNION Attack Retrieving Data From Other Tables. Complete the current lab before moving on to the next one. Good luck!

FAQs

What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.
