Get involved in the Burp challenge for opportunities to test your skills and win swag  –   Challenge me
Research Academy Daily Swig
My account Customers How to buy About Blog Careers Legal Contact Resellers
  1. Web Security Academy
  2. SQL injection
  3. Examining the database
  4. Lab

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

PRACTITIONER

This lab contains an SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.

To solve the lab, display the database version string.

Access the lab

In this topic

SQL injection UNION attacks Examining the database Blind SQL injection SQL injection cheat sheet

All topics

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Server-side template injection Insecure deserialization Directory traversal Access control Authentication OAuth authentication Business logic vulnerabilities Web cache poisoning HTTP Host header attacks WebSockets Information disclosure File upload vulnerabilities JWT attacks Essential skills Client-side prototype pollution
Try Burp Suite for Free

Find SQL injection vulnerabilities using Burp Suite

Try for free

Stories from the Daily Swig about SQL injection

Zendesk Explore flaws opened door to account pillage

15 November 2022 Zendesk Explore flaws opened door to account pillage Patched SQLi and logical access vulnerabilities posed serious risk

Vendor disputes seriousness of firewall plugin RCE

08 September 2022 Vendor disputes seriousness of firewall plugin RCE pfSense and sensibility

Log4Shell legacy?

Patching times plummet for most critical vulnerabilities – report 30 August 2022 Log4Shell legacy? Patching times plummet for most critical vulnerabilities – report

Introducing ODGen

Graph-based JavaScript bug scanner discovers more than 100 zero-day vulnerabilities in Node.js libraries 30 August 2022 Introducing ODGen Graph-based JavaScript bug scanner discovers more than 100 zero-day vulnerabilities in Node.js libraries

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here