Add files via upload

Portswigger/SQLi-Labs/Lab6.md

@@ -0,0 +1,49 @@
+# Portswigger  SQLi-Lab 6
+
+## SQL injection attack, querying the database type and version on MySQL and Microsoft
+
+This lab is similar to the lab#5 which invloved query version of oracle database , so this also involves the GET parameter `category` vulnerable to sqli
+
+<img src="https://i.imgur.com/7ydvvXB.png"/>
+
+
+<img src="https://i.imgur.com/BZBCH4a.png"/>
+
+Here the blind sqli didn't work although I have it right but it's just not working so I launched burpsuite and intercepted the request and send it to burp repeater
+
+<img src="https://i.imgur.com/ZwOu80C.png"/>
+
+Now on your keyboard press `CTRL+R` this will send the request to brup repeater
+
+<img src="https://i.imgur.com/Yl97L64.png"/>
+
+<img src="https://i.imgur.com/V8TkIyI.png"/>
+
+Our blind sqli works with burp don't know why but let's roll with it and identify the number of columns
+
+<img src="https://i.imgur.com/L4zoLOm.png"/>
+
+Notice that I used `--` , well in mysql both `#` and `--`  works for comments but -- works if we supply a space afterwards that's why I included `+` which tells it's a space in url encoding
+
+<img src="https://i.imgur.com/QsEg22D.png"/>
+
+So second column exists as well , let's try for the third column
+
+<img src="https://i.imgur.com/Sm8hPxj.png"/>
+
+Here only 2 columns exists so now we can use union based sqli to know the version of mysql database
+
+<img src="https://i.imgur.com/8pwEqu1.png"/>
+
+With this we completed this lab
+
+<img src="https://i.imgur.com/BNr1Jon.png"/>
+
+In the end I noticed that all we wanted to do was to url encode our sqli payload
+
+```sql
+Accessories'+union+select+@@version,null+--+
+```
+<img src="https://i.imgur.com/Bvd35eo.png"/>
+
+<img src="https://i.imgur.com/n28sR0V.png"/>

Portswigger/SQLi-Labs/Lab8.md

@@ -0,0 +1,66 @@
+# Portswigger  SQLi-Lab 8
+
+## SQL injection attack, listing the database contents on Oracle
+
+This labs is similar to lab#7 in which we listed the tables in postgresql database but now we are presented with oracle database on web application in which `category` a GET paramter is vulnerable to sqli
+
+<img src="https://i.imgur.com/Jt0D4TO.png"/>
+
+Knowing the database is orcale we can first try blind sqli 
+
+<img src="https://i.imgur.com/TD9uRPH.png"/>
+
+It works , now we need to identifiy the number of columns
+
+<img src="https://i.imgur.com/TP1UFFC.png"/>
+
+<img src="https://i.imgur.com/OAo04vU.png"/>
+
+<img src="https://i.imgur.com/Vw8r6v4.png"/>
+
+Here we get an error which means there are only 2 columns in the table, so now let's identify the version for that we need to supply a table name and for query the version we specify `v$version` table which is a builtin table having information for version of oracle database
+
+```sql
+Gifts' union select banner,null from v$version --
+```
+
+<img src="https://i.imgur.com/P2jxsOQ.png"/>
+
+<img src="https://i.imgur.com/bsrkN0o.png"/>
+
+Perfect now let's try leak table names
+
+<img src="https://i.imgur.com/7DXliKM.png"/>
+
+`all_tables` is similar to `information.schema.tables` which we have seen in postgresql which holds inforamtion all tables in database
+
+```sql
+Gifts' union select table_name,null from all_tables--
+```
+
+<img src="https://i.imgur.com/mHcWAA5.png"/>
+
+<img src="https://i.imgur.com/YHxd42d.png"/>
+
+Now we need to retrieve the column names for the table `USERS_BDRDAO`
+
+```sql
+Gifts' union select column_name,null from all_tab_columns where table_name = 'USERS_BDRDAO' --
+```
+
+<img src="https://i.imgur.com/gxYxkqH.png"/>
+
+<img src="https://i.imgur.com/7SM1YSI.png"/>
+
+<img src="https://i.imgur.com/6hXEjT0.png"/>
+
+<img src="https://i.imgur.com/H90KE5s.png"/>
+
+```sql
+Gifts' union select USERNAME_ZYPQTA ,PASSWORD_INGWFD from USERS_BDRDAO --
+
+```
+
+And we got the credentials now we just need to login with the adminstartor account and we'll complete this lab
+
+<img src="https://i.imgur.com/1lO1g9r.png"/>