SQL injection attack, querying the database type and version on MySQL and Microsoft | Dec 5, 2022
Introduction
Welcome to my another writeup! In this Portswigger Labs lab, you’ll learn: SQL injection attack, querying the database type and version on MySQL and Microsoft! Without further ado, let’s dive in.
- Overall difficulty for me (From 1-10 stars): ★☆☆☆☆☆☆☆☆☆
Background
This lab contains an SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.
To solve the lab, display the database version string.
Exploitation
Home page:
In the previous labs, we found that there is an SQL injection vulnerability in the product category filter:
And we found that there are 2 columns in this table.
To find the database version, we need to:
- Find out which column accepts string data type:
' UNION SELECT 'string1','string2'-- -
Both are accepting string data type.
- List the DBMS(Database Management System) version via
version():
' UNION SELECT NULL,version()-- -
What we’ve learned:
- SQL injection attack, querying the database type and version on MySQL and Microsoft