Add files via upload

2024-11-21 19:43:03 +00:00 · 2021-06-05 00:16:15 +05:00 · 2021-06-05 00:16:15 +05:00 · f963ad0928
commit f963ad0928
parent 7b8cb38859
1 changed files with 38 additions and 0 deletions
--- a/Portswigger/SQLi-Labs/Lab3.md
+++ b/Portswigger/SQLi-Labs/Lab3.md
@ -0,0 +1,38 @@
+# Portswigger SQLi-Lab 3
+## SQL injection UNION attack, retrieving data from other tables
+
+This lab is continuation from the previous sqli labs and in this we have to retieve the data from `users` table having column names `username` and `password` knowing that the GET paramter `category` is vulnerable to sqli , since the tables are changed we may have to know columns from "ORDERY BY" query in sqli
+
+<img src="https://imgur.com/ltZhhSB.png"/>
+
+Trying to find the column number using `order by`
+
+<img src="https://i.imgur.com/F2MKc0M.png"/>
+
+<img src="https://i.imgur.com/HAnkhSD.png"/>
+
+<img src="https://i.imgur.com/y4wQtUN.png"/>
+
+So we have only 2 columns in the table
+
+<img src="https://i.imgur.com/y4wQtUN.png"/>
+
+Since we know the table name we can grab data from it using the column names which are also known
+
+<img src="https://i.imgur.com/el1tCAd.png"/>
+
+With this we can grab the usernames and passwords from table 
+
+<img src="https://i.imgur.com/w5u7Fu5.png"/>
+
+<img src="https://imgur.com/QPnmTi4.png"/>
+
+Now in order to complete this lab we need to login as `adminstartor` so we have his password we just need to login , so going to `My Account`
+
+<img src="https://i.imgur.com/8sPMgEF.png"/>
+
+<img src="https://imgur.com/9YDpoez.png"/>
+
+<img src="https://i.imgur.com/Mu3pG9L.png"/>
+
+And we are done with this lab !