https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft

LAB Solution:

INFO about LAB:

This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.

To solve the lab, display the database version string.

GOAL: → Display the database version string

First we will access the lab.

→ I used sqlmap to find out the database type and version:

sqlmap -u "https://0a900018041e3a438109753500090018.web-security-academy.net/filter?category=Pets"

Screenshot_2025-04-12_15-11-45.png

→ we will notice the database type is MySQL and the version is 5.1

OK, after learning the database type and version, we need to find out how many columns the original query returns.

PETS' UNION SELECT Null--

I tried this payload more than once, but every time I got a 500 Internal Server Error.

Screenshot_2025-04-12_15-15-23.png

and I tried with

PETS' UNION SELECT NULL,NULL--

I will try replacing the comment with # (we can comment with -- or #; they do the same thing).
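To show why the column-count probing above produces a 500 on the wrong guess and a clean response on the right one, and what the fix on the server side looks like, here is an added example that is not part of the original write-up or the PortSwigger lab code. It models the product category filter twice: once built by string concatenation (the flaw the lab contains) and once with a bound parameter. The lab runs MySQL; this stand-in uses SQLite so it runs offline, so only the -- comment form can be demonstrated here (the # form is MySQL syntax and is not valid in SQLite). The table, product rows and function names are constructed for the example.

```python
import sqlite3

# Constructed catalogue standing in for the lab's product table.
SAMPLE_PRODUCTS = [
    ("Pets", "Dog Bed", 20),
    ("Pets", "Cat Tree", 35),
    ("Gifts", "Mug", 5),
]


def make_db():
    """In-memory SQLite database (stand-in for the lab's MySQL backend)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (category TEXT, name TEXT, price INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    return conn


def filter_vulnerable(conn, category):
    """Query built by concatenation: user input becomes SQL text.

    Returns ("ok", rows) or ("error", message). A database error here is
    what the lab surfaces as a 500 Internal Server Error, e.g. when the
    UNION half has the wrong number of columns.
    """
    sql = "SELECT name, price FROM products WHERE category = '" + category + "'"
    try:
        return "ok", conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "error", str(exc)


def filter_parameterised(conn, category):
    """Same query with a bound parameter: input is only ever a value.

    The whole string, quote and comment marker included, is compared
    against the category column, so no UNION can be appended.
    """
    sql = "SELECT name, price FROM products WHERE category = ?"
    return "ok", conn.execute(sql, (category,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for payload in ("Pets", "Pets' UNION SELECT NULL--", "Pets' UNION SELECT NULL,NULL--"):
        print(repr(payload), "vulnerable:", filter_vulnerable(db, payload))
        print(repr(payload), "parameterised:", filter_parameterised(db, payload))
```

In the vulnerable version the one-NULL payload fails because the UNION halves have different column counts (the database error the lab turns into a 500), while the two-NULL payload succeeds and contributes an extra all-NULL row, confirming the original query returns two columns. The parameterised version returns no rows for either payload, because the injected text is simply a category name that does not exist.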