Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2025-02-18 04:58:24 +00:00
Code Issues Projects Releases Packages Wiki Activity
CTF-Writeups/Portswigger/SQLi-Labs/Lab6.md
ARZ 825a53f080
Add files via upload
2021-06-11 00:04:56 +05:00

1.7 KiB
Raw Blame History

Portswigger SQLi-Lab 6

SQL injection attack, querying the database type and version on MySQL and Microsoft

This lab is similar to the lab#5 which invloved query version of oracle database , so this also involves the GET parameter category vulnerable to sqli

Here the blind sqli didn't work although I have it right but it's just not working so I launched burpsuite and intercepted the request and send it to burp repeater

Now on your keyboard press CTRL+R this will send the request to brup repeater

Our blind sqli works with burp don't know why but let's roll with it and identify the number of columns

Notice that I used -- , well in mysql both # and -- works for comments but -- works if we supply a space afterwards that's why I included + which tells it's a space in url encoding

So second column exists as well , let's try for the third column

Here only 2 columns exists so now we can use union based sqli to know the version of mysql database

With this we completed this lab

In the end I noticed that all we wanted to do was to url encode our sqli payload

Accessories'+union+select+@@version,null+--+