SQL injection attack, listing the database contents on non-Oracle databases
https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle
Let's filter for Food & Drink.

Since we are proxying the traffic through Burp Suite, we can go to the Proxy > HTTP History tab to view this request.

Let's forward the request to the Repeater for further modification.

Once in the Repeater, let's set the category parameter to the following:
Since the application returns an error, we know that the number of columns in the current query is more than 1. Let's set the category parameter to the following:
Now that we know the current query has two columns, we can start enumerating the databases.
Now let's enumerate the tables present in the public database by setting the category parameter to:
Next, we need to find the columns present in the users_bfbtjz table. We can do that by setting the category parameter to the following:
We can now retrieve the usernames and passwords from the username_ylkdae and password_sdbuqk columns respectively. For that we have to set the category parameter to the following:
We can now login as the administrator using the following credentials:
administrator
x3lp8yt4oyymkeu9bppm
We have solved the lab.
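To show why the column-count probe and the final UNION step above work, and what the fix looks like, here is an added example that is not part of the PortSwigger lab or this write-up. It uses an in-memory SQLite database with constructed table names and a made-up password in place of the lab's PostgreSQL backend, and places the string-concatenated category filter next to its parameterised replacement.

```python
import sqlite3

# Constructed sample schema mirroring the lab's shape: a products table
# filtered by category and a users table holding one administrator row.
# Table names, column names and the password are made up for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(name TEXT, category TEXT);
        INSERT INTO products VALUES ('Tea', 'Food & Drink'), ('Hammer', 'Tools');
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 'example-secret');
    """)
    return db

def filter_vulnerable(db, category):
    # String concatenation: the category value becomes part of the SQL text,
    # so a closing quote followed by UNION SELECT appends attacker-chosen rows.
    sql = "SELECT name, category FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()

def filter_safe(db, category):
    # Parameterised query: the value is bound by the driver and never parsed
    # as SQL, so the same input is just an unmatched category string.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

def probe_column_count(db, n):
    # Mirrors the write-up's first step: a UNION with the wrong number of
    # NULLs makes the database raise an error; the count that succeeds
    # tells you how many columns the original query returns.
    payload = "' UNION SELECT " + ", ".join(["NULL"] * n) + "--"
    try:
        filter_vulnerable(db, payload)
        return True
    except sqlite3.OperationalError:
        return False

# Shaped like the lab's final step: two columns to match the original query.
# SQLite has no information_schema, so the table name is known by construction.
PAYLOAD = "' UNION SELECT username, password FROM users--"

def leaks_credentials(rows):
    # True when a row from the users table has been merged into the result.
    return any(row[0] == "administrator" for row in rows)
```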