SQL injection attack, querying the database type and version on MySQL and Microsoft | Dec 5, 2022
Introduction
Welcome to another writeup of mine! In this PortSwigger Labs lab, you’ll learn: SQL injection attack, querying the database type and version on MySQL and Microsoft! Without further ado, let’s dive in.
- Overall difficulty for me (From 1-10 stars): ★☆☆☆☆☆☆☆☆☆
Background
This lab contains an SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.
To solve the lab, display the database version string.
Exploitation
In the previous labs, we found that there is an SQL injection vulnerability in the product category filter.
And we found that there are 2 columns in this table.
To find the database version, we need to:
- Find out which column accepts string data type:
' UNION SELECT 'string1','string2'-- -
Both columns accept the string data type.
- List the DBMS (Database Management System) version via version():
' UNION SELECT NULL,version()-- -
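Why the category filter behaves this way, and what closes it, shown as an added example that is not part of the original writeup or the lab's code. It assumes a constructed SQLite stand-in for the lab database: the products table, the Gifts category and the registered version() function are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed in-memory stand-in for the lab database (hypothetical schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, description TEXT, category TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Mug", "Holds tea", "Gifts"), ("Lamp", "Gives light", "Home")],
    )
    # SQLite has no version(); register a constructed stand-in so the
    # writeup's MySQL payload runs unchanged.
    conn.create_function("version", 0, lambda: "8.0.0-constructed")
    return conn

def filter_vulnerable(conn, category):
    # The value is pasted into the SQL text: a quote in it closes the string
    # literal and everything after it is parsed as SQL.
    sql = "SELECT name, description FROM products WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()

def filter_parameterized(conn, category):
    # The value is bound as data and is never parsed as SQL.
    sql = "SELECT name, description FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()

# Constructed category value followed by the payload from the writeup.
PAYLOAD = "Gifts' UNION SELECT NULL,version()-- -"

if __name__ == "__main__":
    conn = make_db()
    print("concatenated :", filter_vulnerable(conn, PAYLOAD))
    print("parameterized:", filter_parameterized(conn, PAYLOAD))
    print("normal input :", filter_parameterized(conn, "Gifts"))
```

With the bound parameter the whole payload is compared against the category column as a literal string, so it matches no rows and the version string is never returned.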
What we’ve learned:
- SQL injection attack, querying the database type and version on MySQL and Microsoft