SQL injection attack, querying the database type and version on Oracle
https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-oracle
Last updated
https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-oracle
Last updated
Let's filter for Accessories
.
Since we are proxying the traffic through Burp Suite, we can go to the Proxy > HTTP History
tab to view this request.
Let's forward the request to the Repeater
for further modification.
Once in the Repeater
, let's set the category
parameter to the following:
Now that we know there are two columns, we can set the category
parameter to the following:
We have solved the lab.