Hackzzz - The Notebook

SQL injection UNION attack, finding a column containing text

https://portswigger.net/web-security/sql-injection/union-attacks/lab-find-column-containing-text

Level: Practitioner

This time what we need to do is find a writable field to retrieve info about other tables, users, DB's.

First find out how many columns are in the following table you are using.

Now to know the writable field, try to go on each column field replacing it with a simple string as the following.

PreviousSQL injection UNION attack, determining the number of columns returned by the query NextSQL injection UNION attack, retrieving data from other tables

Last updated 1 year ago