mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-22 03:53:03 +00:00
Add files via upload
This commit is contained in:
parent
7b8cb38859
commit
f963ad0928
1 changed files with 38 additions and 0 deletions
38
Portswigger/SQLi-Labs/Lab3.md
Normal file
38
Portswigger/SQLi-Labs/Lab3.md
Normal file
|
@ -0,0 +1,38 @@
|
|||
# Portswigger SQLi-Lab 3
|
||||
## SQL injection UNION attack, retrieving data from other tables
|
||||
|
||||
This lab is continuation from the previous sqli labs and in this we have to retieve the data from `users` table having column names `username` and `password` knowing that the GET paramter `category` is vulnerable to sqli , since the tables are changed we may have to know columns from "ORDERY BY" query in sqli
|
||||
|
||||
<img src="https://imgur.com/ltZhhSB.png"/>
|
||||
|
||||
Trying to find the column number using `order by`
|
||||
|
||||
<img src="https://i.imgur.com/F2MKc0M.png"/>
|
||||
|
||||
<img src="https://i.imgur.com/HAnkhSD.png"/>
|
||||
|
||||
<img src="https://i.imgur.com/y4wQtUN.png"/>
|
||||
|
||||
So we have only 2 columns in the table
|
||||
|
||||
<img src="https://i.imgur.com/y4wQtUN.png"/>
|
||||
|
||||
Since we know the table name we can grab data from it using the column names which are also known
|
||||
|
||||
<img src="https://i.imgur.com/el1tCAd.png"/>
|
||||
|
||||
With this we can grab the usernames and passwords from table
|
||||
|
||||
<img src="https://i.imgur.com/w5u7Fu5.png"/>
|
||||
|
||||
<img src="https://imgur.com/QPnmTi4.png"/>
|
||||
|
||||
Now in order to complete this lab we need to login as `adminstartor` so we have his password we just need to login , so going to `My Account`
|
||||
|
||||
<img src="https://i.imgur.com/8sPMgEF.png"/>
|
||||
|
||||
<img src="https://imgur.com/9YDpoez.png"/>
|
||||
|
||||
<img src="https://i.imgur.com/Mu3pG9L.png"/>
|
||||
|
||||
And we are done with this lab !
|
Loading…
Reference in a new issue