Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

PRACTITIONER

This lab contains an SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.

To solve the lab, display the database version string.

Hint

You can find some useful payloads on our SQL injection cheat sheet.

Access the lab

Solution

Use Burp Suite to intercept and modify the request that sets the product category filter.
Determine the number of columns that are being returned by the query and which columns contain text data. Verify that the query is returning two columns, both of which contain text, using a payload like the following in the category parameter: '+UNION+SELECT+'abc','def'#
Use the following payload to display the database version: '+UNION+SELECT+@@version,+NULL#

Community solutions

Michael Sommer

Want to track your progress and have a more personalized learning experience? (It's free!)

In this topic

SQL injection UNION attacks Examining the database Blind SQL injection SQL injection cheat sheet

Find SQL injection vulnerabilities using Burp Suite

The benefits of working through PortSwigger's Web Security Academy

Get started with the Web Security Academy where you can practise exploiting vulnerabilities on realistic targets .. and its free!

^{Already got an account?
Login here}

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

Hint

Solution

Community solutions

Michael Sommer

In this topic

All topics

Find SQL injection vulnerabilities using Burp Suite

Stories from the Daily Swig about SQL injection

Post-mortem

Bug Bounty Radar // April 2021

Latest web hacking tools – Q1 2021

Security researcher launches GoFundMe campaign to fight legal threat

Find SQL injection vulnerabilities using Burp Suite