Server-Side Attacks | SQL Injection contexts WalkThrough -PortSwigger Labs -Part1-

In This part I will solve SQL injection UNION attack :

Lab 1 : SQL injection UNION attack, determining the number of columns returned by the query :

  • In this Lab determine The number of columns returned by The query .
  • Product category is filter .
  • We use UNION attack to retrieve Data from other tables .

Lab 2 : SQL injection UNION attack, finding a column containing text :

In This Lab we use UNION attack To retrieve data from tables.

  • use ORDER BY 3 --

Lab 3 : SQL injection UNION attack, retrieving data from other tables

In this Lab we retrieve data from specific Table called Users , with 2 columns called Username and password .

  • Determine number of columns
  • Use this query ‘ UNION SELECT username,password FROM users —

Lab 4 : SQL injection UNION attack, retrieving multiple values in a single column .

In this Lab we need to retrieving multiple values in a single column .

  • use : ‘ UNION SELECT NULL,’absc’ —

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store