SQL injection attack, listing the database contents on non-Oracle databases

Hey hackers! I am back again to discuss how I was successfully able to complete this lab on Web Security Academy.

Aim:

- Determine the name of the table that holds users’ information.

- Determine the columns that contain the usernames and passwords.

- Retrieve the username and passwords from the column.

- Log in as administrator.

Tools:

• Burp Suite Community Edition
• Web Security Academy — SQL injection learning path

As with the previous blog we need to follow certain steps to get the information we need.

1. Determine how many columns are in the database table for the product filter Accessories. --> ‘UNION+SELECT+NULL,+NULL- -

Two columns are in the database

2. What columns hold text? --> ‘UNION+SELECT+‘ABC’+‘DEF’- -

Both columns hold text.

3. List the tables in the database …

But first, we need to use the cheat sheet to know what database we will be accessing.

It was discovered that the database version is PostgreSQL and we will use that information to get the defined table names and column names for that database.

Below we see the defined table name is table_name and the column name is column_name

We will now use the defined table name and column name with the cheat sheet for PostgreSQL to get the name of the table.

Use the below to get the name of the table:

‘UNION+SELECT+table_name+FROM+information_schema.tables- -

table name was found to be — users_zovrsb. I went searching for a table with potential usernames and passwords therefore it is likely such a table would contain users and the name would be users.

4. Get the columns that contains the usernames and passwords by entering

‘UNION+SELECT+column_names+FROM+information.schema.columns+WHERE+table_name=‘users_zovrsb’- -

All usernames and passwords are now displayed.

5. Use the administrator information to log in

The lab is now solved!!!

Follow my blog for more SQL injection labs and cybersecurity-related content.