Open in app

Sign in

Write

Sign in

SQL injection UNION attack: Retrieving interesting data

Katjah Smith👩🏽‍💻
2 min readFeb 3, 2022

--

Welcome hackers and future hackers! Consistency is the order of the day. I am back with a Lab#5 write up(Web Security Academy — SQL injection).

So we know from the previous lab write up:

  1. How to find how many columns are in an application’s database.
  2. Useful data are of data type string and how to find which column has a string data type.

Now, we will use SQL injection to retrieve useful and interesting data.

So we know there is two columns in the application’s database:

‘UNION+SELECT+NULL,+NULL — -

And that both columns hold text:

‘UNION+SELECT+ ‘ABC’ , ‘EFG’ — -

So now we inject the SQL payload:

‘UNION+SELECT+username,+password+FROM+users

This is used to get the username and password from the users table database.

The result:

We now have three usernames and passwords but we only need the administrator for the lab.

So we log in as administrator:

We are successfully logged in as administrator:

Another successful lab. I really enjoy doing these labs. I hope you enjoyed my write up as well.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Sql Injection
Burpsuite
Web Security Testing
Web Security Academy
Cyber Security Training

--

--

Katjah Smith👩🏽‍💻
Katjah Smith👩🏽‍💻

Written by Katjah Smith👩🏽‍💻

140 Followers
28 Following

I'm here to write about my experiences and all that I am learning while exploring the fascinating world of tech and cybersecurity. Follow my blog.

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams