Portswigger SQLi-Lab 4

Hello everyone, in this post I will be sharing my solution for the portswigger sqli lab#4 , this is quite an easy one but a little bit tricky so let’s just start the lab

SQL injection UNION attack, retrieving multiple values in a single column

In this lab we need to retrieve data as we did in the previous lab but this time we need to get username and password in a single column so here we have the same application with the same parameter being vulnerable to sql injection

We have to columns in the table so we need to extract the data but keep in mind to only utilize one column but in this lab things are a little different if we try to query username and password if we would get an error

Here maybe the first column isn’t using string data type , let's to query username on second column

And it worked , now with this column name , we need to get password as well with the username to do that we have to do string concatenation

It worked but doesn’t look good maybe we can make better so let’s try it

Gifts' union select null,username|| ':' || password from users --

This is perfect now we just need to login to the application as administrator

With this we have solved this lab !!!

BS CS undergraduate | CTF Player