CTF-Writeups/Portswigger/SQLi-Labs/Lab3.md
2021-06-05 00:16:15 +05:00

Portswigger SQLi-Lab 3

SQL injection UNION attack, retrieving data from other tables

This lab continues from the previous SQLi labs. Here we have to retrieve data from the users table, which has the columns username and password, knowing that the GET parameter category is vulnerable to SQLi. Since the tables have changed, we may first have to find the number of columns using an "ORDER BY" query.

Finding the number of columns using ORDER BY:

So we have only 2 columns in the table

Since we know the table name we can grab data from it using the column names which are also known

With this we can grab the usernames and passwords from the table.
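The same flow reproduced locally, as an added example that is not part of the original writeup or the lab's own code: an in-memory SQLite database stands in for the lab's backend, and the concatenated query is shown beside the parameterized form that removes the injection. The schema, rows and function names are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the lab's schema; all rows are sample data.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Mug', 'Ceramic mug', 'Gifts'),
                                    ('Lamp', 'Desk lamp', 'Lighting');
        INSERT INTO users VALUES ('administrator', 'sample-password'),
                                 ('sampleuser', 'sample-secret');
    """)
    return db

def products_vulnerable(db, category):
    # category is pasted into the SQL text, so it can change the query's structure.
    sql = "SELECT name, description FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()

def products_parameterized(db, category):
    # category is bound as data; quotes and keywords in it are never parsed as SQL.
    sql = "SELECT name, description FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

def count_columns(db, limit=10):
    # ORDER BY n works while n <= number of selected columns and errors beyond it.
    for n in range(1, limit + 1):
        try:
            products_vulnerable(db, f"Gifts' ORDER BY {n}--")
        except sqlite3.OperationalError:
            return n - 1
    return limit

if __name__ == "__main__":
    db = make_db()
    union_input = "' UNION SELECT username, password FROM users--"
    print("columns:", count_columns(db))
    print("vulnerable:", products_vulnerable(db, union_input))
    print("parameterized:", products_parameterized(db, union_input))
```

With the bound parameter, the same input is compared as a literal category name and matches no rows.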

Now, to complete this lab we need to log in as administrator. We have his password, so we just need to log in by going to My Account.

And we are done with this lab!