DEV Community

Kenny Cipher
Kenny Cipher

Posted on

SQL Injection – UNION attack, retrieving multiple values in a single column | PortSwigger Lab Note #5

#cybersecurity #security #sql #tutorial

target:

  • Lab URL:

https://portswigger.net/web-security/learning-paths/sql-injection/sql-injection-retrieving-multiple-values-within-a-single-column/sql-injection/union-attacks/lab-retrieve-multiple-values-in-single-column

  • Tools Used:

  1. browser

  2. Burp suite

Vulnerability Summary:

  • Type:

SQL Injection

  • Description:

To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user

Steps to Exploit:

1.Determine the number of columns and which columns contain string data.

'+UNION+SELECT+NULL,username||'~'||password+FROM+users--

2.Modify the payload and send the request to the server.

3.The username and password will be shown on the page.

Remediation:

  • Use parameterized queries / prepared statements

  • Use server‑side input validation

  • Escape and sanitize user input

Lessons Learned:

Top comments (0)