Hello everyone , in this post I will be sharing my solution for portswigger’s sql injeection lab # 5. This lab was a little tricky as the lab description was a little vague as it said to query “Database type” and from looking up everywhere I did not find answer to that maybe they referring data type of columns in table but still it wasn’t clear to me as the official solution did not show it as well , anyways here’s my solution.
SQL injection attack, querying the database type and version on Oracle
This lab is quite similar to what I have done in this previous labs , Technically I have already solved this before like in this lab you just need to query the database and version being used so it’s pretty easy , it also has the GET parameter category
to be vulnerable to sqli.
First we need to identify the number of columns so we are going to use order by <number
I tried to used order by 1 and 2 , it worked when I will use order by 3
it will give an error because only 2 columns exists in the table
But there’s a problem , in oracle we need to include a table name or it will give us an error
So what we can do is , use a dummy table called dual
(Ignore the lab completion as I did the lab before making this writeup)
Now we may need to use built in tables in order to retreive database and version, we can query the user by supplying user
In oracale database in order to retrieve version , we need to query for banner
from a table named v$version
Pets' union select banner,null from v$version --
With this our lab is completed !