SQL injection UNION attack, finding a column containing text
https://portswigger.net/web-security/sql-injection/union-attacks/lab-find-column-containing-text
Level: Practitioner
This time what we need to do is find a writable field to retrieve info about other tables, users, DB's.
First find out how many columns are in the following table you are using.
Now to know the writable field, try to go on each column field replacing it with a simple string as the following.
PreviousSQL injection UNION attack, determining the number of columns returned by the queryNextSQL injection UNION attack, retrieving data from other tables
Last updated