Problem Statement :
**************************************************************************************************
This lab contains an SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables. To construct such an attack, you need to combine some of the techniques you learned in previous labs.
The database contains a different table called users, with columns called username and password.
To solve the lab, perform an SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user.
**************************************************************************************************
Solution:
**************************************************************************************************
As we have learned in previous lab regards how to start with UNION attack, same way we have to solve this lab.
- First use the ORDER by Clause to find out how many columns we have.
- Next use the UNION clause to add null in additional row.
- Next You can use the UNION to Join other table with the current one . The result will be the other table’s data will be reflected under this current page when we fire this query.
Query is :
‘ UNION SELECT * FROM Users–
I just copied the content into my text editor and took a screenshot of the same. At the end of the page you can see user name Administrator and password.
Screenshot of the lab.
Reference – As we have seen this earlier in Lab 3 you will see an example of how it is seen in the database actually.
Scroll Unlock 