# Portswigger SQLi-Lab 3
## SQL injection UNION attack, retrieving data from other tables
This lab is continuation from the previous sqli labs and in this we have to retieve the data from `users` table having column names `username` and `password` knowing that the GET paramter `category` is vulnerable to sqli , since the tables are changed we may have to know columns from "ORDERY BY" query in sqli
Trying to find the column number using `order by`
So we have only 2 columns in the table
Since we know the table name we can grab data from it using the column names which are also known
With this we can grab the usernames and passwords from table
Now in order to complete this lab we need to login as `adminstartor` so we have his password we just need to login , so going to `My Account`
And we are done with this lab !