This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response so you can use a UNION attack to retrieve data from other tables.
The application has a login function, and the database contains a table that holds usernames and passwords. You need to determine the name of this table and the columns it contains, then retrieve the contents of the table to obtain the username and password of all users.
To solve the lab, log in as the administrator user
GOAL : → log in as the administrator user
Solution :
It’s Like the pervious lab but the type of database is different and it’s make the commands different
→ Let’s Start :
open sqlmap and do this command to know what’s the type of database
sqlmap -u "<https://0a9b006904d0e40b801e08d600f6004e.web-security-academy.net/filter?category=Pets>"
it’s Oracle Database
Another Solution to know what’s the database type
→ we can try some commands with cheat sheet for sqli and if the response is 200 ok that’s the type
After Knowing the type we we need to know How many columns in this database
Try ORDER BY 1,2--
The Response will be 200 ok and if we try ORDER BY 3 --