Portswigger SQLi-Lab5

ARZ101
3 min readJun 10, 2021

--

Hello everyone , in this post I will be sharing my solution for portswigger’s sql injeection lab # 5. This lab was a little tricky as the lab description was a little vague as it said to query “Database type” and from looking up everywhere I did not find answer to that maybe they referring data type of columns in table but still it wasn’t clear to me as the official solution did not show it as well , anyways here’s my solution.

SQL injection attack, querying the database type and version on Oracle

This lab is quite similar to what I have done in this previous labs , Technically I have already solved this before like in this lab you just need to query the database and version being used so it’s pretty easy , it also has the GET parameter category to be vulnerable to sqli.

First we need to identify the number of columns so we are going to use order by <number

I tried to used order by 1 and 2 , it worked when I will use order by 3 it will give an error because only 2 columns exists in the table

But there’s a problem , in oracle we need to include a table name or it will give us an error

So what we can do is , use a dummy table called dual

(Ignore the lab completion as I did the lab before making this writeup)

Now we may need to use built in tables in order to retreive database and version, we can query the user by supplying user

In oracale database in order to retrieve version , we need to query for banner from a table named v$version

Pets' union select banner,null from v$version --

With this our lab is completed !

--

--

ARZ101
ARZ101

Written by ARZ101

Smol Pentester| OSCP | CTF Player | UwU

No responses yet