SQL injection UNION attack: Retrieving interesting data

Katjah Smith👩🏽‍💻
2 min read · Feb 3, 2022

Welcome hackers and future hackers! Consistency is the order of the day. I am back with a Lab #5 write-up (Web Security Academy: SQL injection).

So we know from the previous lab write-up:

  1. How to find how many columns the application's query returns.
  2. Useful data is usually of the string data type, and how to find which column holds string data.

Now, we will use SQL injection to retrieve useful and interesting data.

So we know the application's query returns two columns:

'UNION+SELECT+NULL,+NULL-- -

And that both columns hold text:

'UNION+SELECT+'ABC','EFG'-- -

So now we inject the SQL payload:

'UNION+SELECT+username,+password+FROM+users

This retrieves the username and password columns from the users table.

The result:

We now have three usernames and passwords, but we only need the administrator's for the lab.

So we log in as administrator:

We are successfully logged in as administrator:

Another successful lab. I really enjoy doing these labs. I hope you enjoyed my write-up as well.
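
Why the UNION payload above returns rows from the users table, and how a parameterized query stops it, shown as an added example that is not part of the original write-up or the lab's code. The products table, its columns, the query shape, and all sample rows are assumptions constructed for illustration, with SQLite standing in for the lab's database.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Mug', 'A plain mug', 'Gifts');
        INSERT INTO products VALUES ('Tent', 'Two-person tent', 'Outdoors');
        INSERT INTO users VALUES ('administrator', 'constructed-admin-pw');
        INSERT INTO users VALUES ('alice', 'constructed-user-pw');
    """)
    return db

def products_vulnerable(db, category):
    # Vulnerable: the input is concatenated into the SQL text, so a quote in
    # `category` closes the string literal and the rest is parsed as SQL.
    sql = ("SELECT name, description FROM products "
           "WHERE category = '" + category + "'")
    return db.execute(sql).fetchall()

def products_parameterized(db, category):
    # Hardened: the value is bound as a parameter, so the database treats it
    # purely as data and never as part of the statement.
    sql = "SELECT name, description FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

# The write-up's payload, URL-decoded ('+' is a space), after a valid category.
PAYLOAD = "Gifts' UNION SELECT username, password FROM users-- -"

if __name__ == "__main__":
    db = make_db()
    # Both SELECTs return two text columns, so the UNION is accepted and the
    # users rows come back alongside the product rows.
    print("concatenated :", products_vulnerable(db, PAYLOAD))
    # No product has a category equal to the whole payload string.
    print("parameterized:", products_parameterized(db, PAYLOAD))
    print("normal input :", products_parameterized(db, "Gifts"))
```

The sample passwords are stored in plain text only to mirror what the lab returns; storing salted password hashes would limit what a leaked users table exposes.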
