Hello everyone, in this post I will be sharing my solution for PortSwigger's SQL injection lab #5. This lab was a little tricky, as the lab description was a little vague: it said to query the "database type", and from looking everywhere I did not find an answer to that. Maybe they are referring to the data type of the columns in the table, but it still wasn't clear to me, as the official solution did not show it either. Anyway, here's my solution.
SQL injection attack, querying the database type and version on Oracle
This lab is quite similar to the previous labs I have done. Technically I have already solved this before: as in that lab, you just need to query the database and the version being used, so it's pretty easy. It also has the GET parameter category vulnerable to SQLi.
First we need to identify the number of columns, so we are going to use
order by <number>
I tried order by 1 and order by 2, and both worked; when I used
order by 3 it gave an error, because only 2 columns exist in the table.
But there's a problem: in Oracle we need to include a table name in the query, or it will give us an error.
So what we can do is use a dummy table called
(Ignore the lab completion as I did the lab before making this writeup)
Now we need to use built-in tables in order to retrieve the database and version; we can query the user by supplying
In an Oracle database, in order to retrieve the version we need to query the banner column from a table named v$version, so the payload is
Pets' union select banner,null from v$version --
With this, our lab is completed!
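As an added example (my own code, not part of this writeup or of the PortSwigger lab), here is a small Python detector that looks at the two steps above from the defender's side: it parses constructed access-log lines, flags the quoted ORDER BY column-count probes and the UNION SELECT against v$version, and infers the column count an enumerating client learned from the first ORDER BY that errored. The /filter endpoint, the log format and the client addresses are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit
# Constructed sample access-log lines (not from the lab); the /filter path and the client
# addresses are assumptions. "category" is the injection point described in the writeup.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /filter?category=Pets HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /filter?category=Pets'%20order%20by%201-- HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /filter?category=Pets'%20order%20by%202-- HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /filter?category=Pets'%20order%20by%203-- HTTP/1.1" 500 120
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /filter?category=Pets'%20union%20select%20banner,null%20from%20v$version-- HTTP/1.1" 200 900
10.0.0.7 - - [01/Jan/2024:10:00:06 +0000] "GET /filter?category=Gifts HTTP/1.1" 200 400
"""
# Common log format: client address, request target and status code are all we need.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# The writeup's two steps, matched case- and whitespace-insensitively on URL-decoded values:
# a quote followed by ORDER BY <n> (column counting), and a UNION SELECT reading v$version.
ORDER_BY_RE = re.compile(r"'\s*order\s+by\s+(\d+)", re.IGNORECASE)
UNION_VERSION_RE = re.compile(r"union\s+select\b.*\bv\$version\b", re.IGNORECASE)

def parse_line(line):
    # Returns {ip, status, params} for one log line, or None if it does not parse.
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    return {"ip": m.group("ip"), "status": int(m.group("status")), "params": params}

def classify(params):
    # Tags one request's decoded parameters with the injection patterns they contain.
    tags = []
    for value in params.values():
        if ORDER_BY_RE.search(value):
            tags.append("order_by_probe")
        if UNION_VERSION_RE.search(value):
            tags.append("union_version_query")
    return tags

def analyse(log_text):
    """Return (findings, enumerators): the tagged requests, plus per client the column
    count it learned by walking ORDER BY 1, 2, 3... until the server answered with a 5xx."""
    findings, probes = [], {}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        tags = classify(rec["params"])
        if tags:
            findings.append((rec["ip"], tags))
        for m in filter(None, map(ORDER_BY_RE.search, rec["params"].values())):
            probes.setdefault(rec["ip"], []).append((int(m.group(1)), rec["status"]))
    enumerators = {}
    for ip, seq in probes.items():
        consecutive = all(b[0] == a[0] + 1 for a, b in zip(seq, seq[1:]))
        if len(seq) >= 2 and consecutive and seq[-1][1] >= 500:
            enumerators[ip] = seq[-1][0] - 1  # last ORDER BY that succeeded = column count
    return findings, enumerators
```

Running analyse(SAMPLE_LOG) reports the four probing requests from 10.0.0.9 and infers that this client learned the table has 2 columns, which is exactly what the ORDER BY 3 error told the author above.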