SQL Injection – listing the database contents on non-Oracle databases | PortSwigger Lab Note #7

target：

• Lab URL:
  https://portswigger.net/web-security/learning-paths/sql-injection/sql-injection-examining-the-database-in-sql-injection-attacks/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle#

• Tools Used:

1. browser

2. Burp suite

Vulnerability Summary：

• Type:

SQL Injection

• Description:

The application has a login function, and the database contains a table that holds usernames and passwords. You need to determine the name of this table and the columns it contains, then retrieve the contents of the table to obtain the username and password of all users.

To solve the lab, log in as the administrator user.

Steps to Exploit：

1.Determine the number of columns and which columns contain string data.

2.retrieve the list of tables in the database

3.Find the name of the table containing user credentials.

4.retrieve the details of the columns in the table vulnerable

5.Find the names of the columns containing usernames and passwords

6.retrieve the usernames and passwords for all users

Remediation：

• Use parameterized queries / prepared statements

• Use server‑side input validation

• Escape and sanitize user input

Lessons Learned：