https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-oracle

Lab description:

This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.

To solve the lab, display the database version string.

Goal → display the database version string


Steps For Solving :

First we need to identify the type of database. There is more than one way to do this:

  1. Use the SQL injection cheat sheet from PortSwigger
  2. https://portswigger.net/web-security/sql-injection/cheat-sheet

⇒ I used sqlmap to find out the database type, and I learned some information about the website, but it is not important for this lab

sqlmap -u "https://0afa00a70417c13a80c4089e00e9001e.web-security-academy.net/filter?category=Pets" -p category --dbs

On this screen you will see INFO about the database type ⇒ the back-end is Oracle, and I got the databases 😄. If I need to know the tables and columns it will be easy, which is why I always use sqlmap.

⇒ Next we need to know how many columns are in the table of this database 😄

So we use the following payload to find the number of columns: every 200 OK response means that column position exists.

ORDER BY 1--

[Screenshot: response to the ORDER BY 1-- payload (Screenshot_2025-04-11_03-43-25.png)]

It gives us a normal response, which means the table has at least one column.

Let's try 2:

ORDER BY 2--
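To see why the category filter is exploitable and what the fix looks like, here is an added example that is not part of this write-up or of the PortSwigger lab. It builds a small constructed product table in an in-memory SQLite database (the real lab runs on Oracle; SQLite is used only so the example runs offline) and contrasts the string-concatenated query that causes the vulnerability with the same query using a bound parameter. The `ORDER BY n--` inputs are the ones from the steps above; the hardened version treats them as a literal category name instead of SQL.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the lab's product catalogue (assumption: not the lab's real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price INTEGER, category TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Dog leash", 12, "Pets"), ("Cat tree", 80, "Pets"), ("Lamp", 30, "Home")],
    )
    return conn


def filter_vulnerable(conn, category):
    """The pattern behind the lab: user input is pasted into the SQL text,
    so a quote ends the string literal and the rest is parsed as SQL."""
    sql = f"SELECT name, price FROM products WHERE category = '{category}'"
    return conn.execute(sql).fetchall()


def filter_hardened(conn, category):
    """The fix: the value is bound as a parameter and is never parsed as SQL.
    (On Oracle the same idea is a bind variable such as :category.)"""
    sql = "SELECT name, price FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


def raises_sql_error(conn, fn, category):
    """True if running the filter with this input makes the database raise an error.
    With the vulnerable filter, 'ORDER BY 3--' errors because the query has only
    two columns; that error/no-error difference is exactly the signal the
    ORDER BY probing in the write-up relies on."""
    try:
        fn(conn, category)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    for payload in ["Pets", "Pets' ORDER BY 1--", "Pets' ORDER BY 2--", "Pets' ORDER BY 3--"]:
        print(f"{payload!r:24} vulnerable -> error={raises_sql_error(db, filter_vulnerable, payload)}"
              f"  hardened -> error={raises_sql_error(db, filter_hardened, payload)}")
```

Running it shows the vulnerable filter behaving differently for each probe (a sorted result set for `ORDER BY 2--`, an error for `ORDER BY 3--`), while the hardened filter simply returns no rows for any of the injected inputs and never errors, which is why parameterised queries remove this whole class of probing.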