Portswigger SQLi-Lab 3

ARZ101
3 min readJun 4, 2021

--

Hello everyone , in this post I will be sharing my solution for portswigger sqli lab # 3 so without further ado let’s jump in

SQL injection UNION attack, retrieving data from other tables

This lab is continuation from the previous sqli labs and in this we have to retrieve the data from users table having column names username and password knowing that the GET parameter category is vulnerable to sqli , since the tables are changed we may have to know columns from "ORDERY BY" query in sqli

Trying to find the column number using order by

So we have only 2 columns in the table

Since we know the table name we can grab data from it using the column names which are also known

With this we can grab the usernames and passwords from table

Now in order to complete this lab we need to login as administrator so we have his password we just need to login , so going to My Account

And we are done with this lab !

--

--