SQL injection attack, listing the database contents on non-Oracle databases

https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle

Let's filter the product list by the Food & Drink category.

Since we are proxying the traffic through Burp Suite, we can go to the Proxy > HTTP History tab to view this request.

Let's forward the request to the Repeater for further modification.

Once in the Repeater, let's set the category parameter to the following:

Since the application returns an error, we know that the number of columns in the current query is more than 1. Let's set the category parameter to the following instead:

Now that we know the current query has two columns, we can start enumerating the databases.

Now let's enumerate the tables present in the public database by setting the category parameter to:

Next, we need to find the columns present in the users_bfbtjz table. We can do that by setting the category parameter to the following:

We can now retrieve the usernames and passwords from the username_ylkdae and password_sdbuqk columns respectively.

For that we have to set the category parameter to the following:
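The steps above all rely on one defect: the category parameter is concatenated into the SQL text, so a quote in the input is parsed as SQL and the resulting error (or extra rows) leaks back to the client. The added example below is not part of the original writeup; it uses a constructed in-memory SQLite products table (the lab's real schema and back end are not shown) to contrast that vulnerable query with a parameterized one.

```python
import sqlite3


def build_db():
    # Constructed stand-in for the shop's product table (assumption: columns
    # name and category; the lab's actual schema is not visible).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (name TEXT, category TEXT)")
    con.executemany("INSERT INTO products VALUES (?, ?)", [
        ("Gift Mug", "Gifts"),
        ("Yoga Mat", "Lifestyle"),
        ("Fizzy Drink", "Food & Drink"),
    ])
    return con


def filter_vulnerable(con, category):
    # The category value is spliced into the query text. A single quote in the
    # input terminates the string literal, so whatever follows is parsed as SQL:
    # this is what lets the error-based column-count probing in the lab work.
    sql = f"SELECT name, category FROM products WHERE category = '{category}'"
    return con.execute(sql).fetchall()


def filter_parameterized(con, category):
    # Bound parameter: the value travels separately from the query text, so
    # quotes, UNION keywords or comment markers in the input stay inside the
    # literal and can never change the query's structure or column count.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return con.execute(sql, (category,)).fetchall()


def probe(category):
    """Run both variants on the same input and report ('rows', ...) or ('error', ...)."""
    con = build_db()
    result = {}
    for label, fn in (("vulnerable", filter_vulnerable),
                      ("parameterized", filter_parameterized)):
        try:
            result[label] = ("rows", fn(con, category))
        except sqlite3.OperationalError as exc:
            # The vulnerable variant surfaces a syntax error on a stray quote;
            # an application that echoes this error confirms injectability.
            result[label] = ("error", str(exc))
    return result
```

A stray quote makes the vulnerable query fail with a syntax error, while the parameterized query simply finds no category with that literal name.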

We can now log in as the administrator using the following credentials:

Username: administrator
Password: x3lp8yt4oyymkeu9bppm

We have solved the lab.
