SQL injection attack, listing the database contents on non-Oracle databases
https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle
Last updated
Let's filter for Food & Drink.
Since we are proxying the traffic through Burp Suite, we can go to the Proxy > HTTP History tab to view this request.
Let's forward the request to the Repeater for further modification.
Once in the Repeater, let's set the category parameter to the following:
Since the application returns an error, we know that the number of columns in the current query is more than 1. Let's set the category parameter to the following:
Now that we know the current query has two columns, we can start enumerating the databases.
Now let's enumerate the tables present in the public database by setting the category parameter to:
Next, we need to find the columns present in the users_bfbtjz table. We can do that by setting the category parameter to the following:
We can now retrieve the usernames and passwords from the username_ylkdae and password_sdbuqk columns respectively. For that we have to set the category parameter to the following:
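The steps above work because the category value is pasted into the SQL text, so a stray quote breaks the statement (the first error the walkthrough sees) and a crafted value can add a UNION to read other tables. The following is an added example, not part of the PortSwigger lab or its solution: an in-memory SQLite stand-in for the shop's product filter (constructed schema and rows, not the lab's), the vulnerable query beside its parameterised form, and a detection routine that runs over constructed access-log lines and flags filter values that read like SQL or that produced a 5xx response. The endpoint `/filter`, the log format and all table names are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# ---- Constructed stand-in for the lab's product filter (not the lab's schema) ----

def build_db():
    """In-memory SQLite table standing in for the shop's products (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("Sparkling water", "Food & Drink"),
         ("Picture frame", "Gifts"),
         ("Giant pillow", "Lifestyle")],
    )
    return conn


def products_unsafe(conn, category):
    """Vulnerable pattern: the category value is spliced into the SQL text.
    A stray single quote breaks the statement, which is the database error
    the walkthrough observes on its first probe."""
    sql = f"SELECT name, category FROM products WHERE category = '{category}'"
    return conn.execute(sql).fetchall()


def products_safe(conn, category):
    """Hardened pattern: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


def unsafe_raises(conn, category):
    """True when the vulnerable query errors on this input (the probe's signal)."""
    try:
        products_unsafe(conn, category)
        return False
    except sqlite3.OperationalError:
        return True


# ---- Detection over web-server access logs (assumed combined-log format) ----

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Filter values that read like SQL rather than a category name (case-insensitive).
SQL_INDICATORS = re.compile(
    r"information_schema|\bunion\b.{0,40}\bselect\b|--", re.IGNORECASE | re.DOTALL
)


def flag_filter_requests(log_lines, param="category"):
    """Return (reason, decoded value) for requests whose filter parameter carries
    SQL keywords, or which produced a 5xx (the error a column-count probe causes).
    Only the named parameter is inspected, so 'union' elsewhere does not fire."""
    findings = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        values = parse_qs(urlsplit(m.group("target")).query,
                          keep_blank_values=True).get(param, [])
        for value in values:
            if SQL_INDICATORS.search(value):
                findings.append(("sql-keyword", value))
            elif m.group("status").startswith("5"):
                findings.append(("server-error", value))
    return findings


# Constructed log lines: a normal filter, a quote probe that errored, and two
# enumeration requests. Only the first should pass unflagged.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /filter?category=Food+%26+Drink HTTP/1.1" 200 5123',
    '203.0.113.5 - - [01/Jan/2024:10:00:07 +0000] "GET /filter?category=Gifts%27 HTTP/1.1" 500 1234',
    '203.0.113.5 - - [01/Jan/2024:10:00:21 +0000] "GET /filter?category=Gifts%27+UNION+SELECT+NULL%2CNULL-- HTTP/1.1" 200 5987',
    '203.0.113.5 - - [01/Jan/2024:10:00:40 +0000] "GET /filter?category=Gifts%27+UNION+SELECT+table_name%2CNULL+FROM+information_schema.tables-- HTTP/1.1" 200 8411',
]

if __name__ == "__main__":
    db = build_db()
    print(products_safe(db, "Food & Drink"))                         # [('Sparkling water', 'Food & Drink')]
    print(unsafe_raises(db, "Gifts'"), unsafe_raises(db, "Gifts"))   # True False
    print(products_safe(db, "Gifts'"))                               # [] : quote treated as data, no error
    for reason, value in flag_filter_requests(SAMPLE_LOG):
        print(reason, repr(value))
```

The parameterised version returns an empty result for a value containing a quote instead of a database error, which removes both the injection and the error-message signal the probe relies on. The log check pairs a keyword match on the decoded parameter with a 5xx status on the same endpoint, because the column-count stage of this technique produces server errors before it produces any readable output.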
We can now log in as the administrator using the following credentials:
| Username | Password |
|---|---|
| administrator | x3lp8yt4oyymkeu9bppm |
We have solved the lab.