Lab 7: SQL injection attack, querying the database type and version on Oracle

Problem Statement:

This lab contains an SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.

To solve the lab, display the database version string.

Requirements:

Make the database retrieve the strings: ‘Oracle Database 11g Express Edition Release 11.2.0.2.0 – 64bit Production, PL/SQL Release 11.2.0.2.0 – Production, CORE 11.2.0.2.0 Production, TNS for Linux: Version 11.2.0.2.0 – Production, NLSRTL Version 11.2.0.2.0 – Production’

Solution:

There are several ways to retrieve the version of the database, and the right query depends on which database engine is in use, for example Microsoft SQL Server versus Oracle.

To get the version, run a query such as one of the following.

Example

-- Microsoft SQL Server and MySQL: @@version is a system variable, so it is selected directly
SELECT @@version

-- Oracle: the version banner lives in the V$VERSION view
SELECT BANNER FROM V$VERSION

Steps followed:

  1. The same method as in the earlier labs: first use ORDER BY 1, ORDER BY 2, and so on, to find the number of columns returned by the original query.
  2. Next, use a UNION attack to retrieve the banner in one of those columns. The trailing -- comments out the rest of the original query (including its closing quote):

' UNION SELECT BANNER, NULL FROM V$VERSION--

(Screenshot: example from a MySQL database, and the response)
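To show why the category filter is exploitable and how to fix it, here is an added example (not part of the original lab or write-up). It rebuilds the filter in Python over an in-memory SQLite database, so the Oracle payload is adapted: sqlite_version() stands in for BANNER FROM V$VERSION, and the table and product rows are constructed stand-ins. The concatenated query leaks the version string; the parameterized query treats the same input as a plain category name and returns nothing.

```python
import re
import sqlite3

# Constructed stand-in for the lab's product catalogue (hypothetical schema).
PRODUCTS = [
    ("Pet Rock", "Gifts"),
    ("Gym Bag", "Accessories"),
]

# SQLite version of the lab's Oracle payload; sqlite_version() replaces
# BANNER FROM V$VERSION, and '--' comments out the original closing quote.
PAYLOAD = "' UNION SELECT sqlite_version(), NULL--"

# Request-parameter check a defender might log on: version-banner probes.
VERSION_PROBE_RE = re.compile(r"union\s+select|v\$version|@@version", re.IGNORECASE)


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    return conn


def filter_vulnerable(conn, category):
    # The category is concatenated into the statement, so a quote in the
    # input closes the string literal and the rest is parsed as SQL.
    sql = f"SELECT name, category FROM products WHERE category = '{category}'"
    return conn.execute(sql).fetchall()


def filter_safe(conn, category):
    # Bound parameter: the whole input is one string value, never SQL syntax.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


def looks_like_version_probe(value):
    return bool(VERSION_PROBE_RE.search(value))


def demo():
    conn = make_db()
    return filter_vulnerable(conn, PAYLOAD), filter_safe(conn, PAYLOAD)


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable:", leaked)   # one row: (sqlite version, None)
    print("parameterized:", safe)  # []
```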
