SQL Injection - Lab #4 SQL injection UNION attack, finding a column containing text

In this video, we cover Lab #4 in the SQL injection track of the Web Security Academy. This lab contains an SQL injection vulnerability in the product category filter. To solve the lab, we perform a SQL injection attack that returns an additional row containing the value provided. This technique helps us determine which columns are compatible with string data.

▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
01:29 - Background theory
08:19 - Understand the exercise and make notes about what is required to solve it
09:33 - Exploit the lab manually
13:51 - Script the exploit
28:45 - Summary
29:09 - Thank You

Comments

May God reward you with good, benefit you, and increase you from His bounty in this world and the hereafter, God willing.

mostafasayed

This is truly gold, thanks a million

ДмитрийКузнецов-яд

Programming this was tricky and interesting (using C code)...

sto

For the viewers who are wondering what datatype is used in column1 and column3: column1 is using the int datatype (I think column1 is referring to the id number of the product), and column3 is using the decimal datatype, which is used in prices.

You could try this SQLi attack:
' UNION select 1, 'a', 1.2--

This will evaluate to true because we identified the datatypes correctly.

roastedChickn

Hi, thanks for the fun videos. There's a little typo: if the lab is not already solved, your code will always find the hardcoded string in the hint paragraph. Anyway, a really easy fix is using the return code, or searching for the error message and inverting the match (searching for 'Internal Server Error' not in r.text), or using soup.find_all("th", string=stringa) as the condition.

fusillator

Great stuff! Well organized lesson pattern as usual, and the scripting work at the end is highly appreciated.

damianhamilton

Thanks for the video, but apparently something has changed on the site and now, even with an error of 500, there is a mention in the response body of the line that needs to be received, and therefore the script says that it found the text in 1 column.

siemens_c

We can UNION columns of different data types in the majority of SQL databases, like MySQL, SQLite, etc. There are only a few DBMSs, like Microsoft Access and Db2, which don't give output for UNIONed columns because those columns have different data types, so can we assume that in this lab one of these two DBMSs is in use?

nishantdalvi

In lab 4 I get an error like "An error occurred. We apologise for the inconvenience". Help me.

captainnitin

Rana, thank you so much for these lessons. I hope you get to more of these long versions.

hackandmove

Super helpful tutorials, Mrs. Rana... Looking forward to more PortSwigger lab solution videos by you!!

sid

Very detailed video. I liked your explanation... Keep uploading such content 👍👍

sudipdutta

Hi, first, thank you for this great tutorial. But I don't understand why you don't have to use URL encoding in the second request when finding the column type?

randriamahandryrado

Thank you, it was helpful, but I get an error every time I try to run the program. I guess this is not a problem with the code, it's just with my PC.

tmeerkais

I love your videos but you waste too much time going over what you did in the last video, maybe you are doing it to make your videos longer but it is indeed time wasting.

LeslieJhe