Portswigger SQLi-Lab 4

ARZ101
3 min read · Jun 5, 2021

Hello everyone, in this post I will be sharing my solution for PortSwigger SQLi lab #4. This is quite an easy one but a little bit tricky, so let's start the lab.

SQL injection UNION attack, retrieving multiple values in a single column

In this lab we need to retrieve data as we did in the previous lab, but this time we need to get the username and password in a single column. Here we have the same application with the same parameter being vulnerable to SQL injection.

We have two columns in the table, so we need to extract the data while keeping in mind that we can only use one column. In this lab things are a little different: if we try to query username and password, we get an error.

Maybe the first column isn't using a string data type here, so let's try to query username in the second column.

And it worked. Now we need to get the password as well, in the same column as the username, and to do that we have to use string concatenation.

It worked, but it doesn't look good. Maybe we can make it better, so let's try it.

Gifts' union select null,username|| ':' || password from users --

This is perfect. Now we just need to log in to the application as administrator.

With this we have solved this lab!!!
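Why the concatenation payload above gets through, and what stops it, as an added example that is not part of the original post or the lab's own code. The `products`/`users` schema, the sample rows and the function names are assumptions, and SQLite stands in for the lab's database.

```python
import sqlite3

# Payload as it appears in the post above.
PAYLOAD = "Gifts' union select null,username|| ':' || password from users --"

def make_db():
    # Constructed schema and rows (assumptions standing in for the lab's backend).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'Gift card', 'Gifts'), (2, 'Kettle', 'Kitchen');
        INSERT INTO users VALUES ('administrator', 'constructed-secret'),
                                 ('carlos', 'constructed-pass');
    """)
    return db

def search_vulnerable(db, category):
    # The input is pasted into the SQL text: a quote in it closes the string
    # literal, and everything after it is parsed as SQL.
    sql = "SELECT id, name FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, category):
    # The value is bound by the driver and only ever compared as data.
    sql = "SELECT id, name FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

def rows_not_from_products(db, rows):
    # Defender's check: any returned row that is not a real product row leaked
    # from somewhere else.
    real = set(db.execute("SELECT id, name FROM products").fetchall())
    return sorted(r[1] for r in rows if r not in real)

if __name__ == "__main__":
    db = make_db()
    print("string-built :", search_vulnerable(db, PAYLOAD))
    print("parameterized:", search_parameterized(db, PAYLOAD))
    print("normal input :", search_parameterized(db, "Gifts"))
```

With the bound parameter the whole payload is treated as a category name that matches nothing, so the query returns no rows while a normal search for `Gifts` still works.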
