Lab: SQL injection UNION attack, retrieving multiple values in a single column

Joel O.Joel O.
2 min read

In this educational guide, we will delve into the process of leveraging Burp Suite to intercept and modify requests, focusing on the product category filter. Our objective is to uncover potential SQL injection vulnerabilities, understand the database structure, and retrieve sensitive information.

Step 1: Intercepting and Modifying Requests with Burp Suite

Burp Suite, a versatile web application testing tool, empowers security professionals to identify and address potential vulnerabilities. Begin by configuring your browser to route traffic through Burp Proxy, allowing for the interception and modification of HTTP requests. As you interact with the target web application, Burp Suite captures and displays the relevant requests.

Identify the request responsible for setting the product category filter and use Burp Suite to intercept and modify this specific request.

Step 2: Determining the Number of Columns and Text Data

Inject the following payload into the category parameter to understand the structure of the database query:

plaintextCopy code'+UNION+SELECT+NULL,'abc'--

Observe the application's response. The use of the UNION SELECT statement combines the original query with a null value and a text value ('abc'). Verify that the query is returning two columns, with only one containing text data. This insight is crucial for identifying potential SQL injection vulnerabilities.

Step 3: Retrieving Usernames and Passwords

Now that a potential vulnerability is identified, proceed to retrieve the contents of the users table using the following payload:

plaintextCopy code'+UNION+SELECT+NULL,username||'~'||password+FROM+users--

Inspect the application's response to verify that it contains usernames and corresponding hashed passwords. This step confirms the extent of the vulnerability and emphasizes the importance of addressing it promptly.

Conclusion

SQL injection is a serious threat to web applications, but Burp Suite can help you find and fix these vulnerabilities. By intercepting and modifying requests, Burp Suite lets you identify suspicious behavior and protect your data.

Reference:

https://portswigger.net/web-security/sql-injection

https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-multiple-values-in-single-column

0
Subscribe to my newsletter

Read articles from Joel O. directly inside your inbox. Subscribe to the newsletter, and don't miss out.

SQLi#sqlinjectionBurpsuite websecurity#cybersecurityhandsonportswigger

Written by

Joel O.
Joel O.

A passionate cybersecurity enthusiast and cloud aficionado. I am on a mission to unravel the complexities of the ever-evolving cyber landscape and guide you through the vast expanse of cloud technology. As a cybersecurity professional, I bring a wealth of experience in securing digital ecosystems and defending against cyber threats. My journey in the cloud realm has been both thrilling and enlightening, and I am here to share my insights, discoveries, and practical tips with you. In these virtual pages, expect a fusion of in-depth cybersecurity analyses and explorations into the limitless possibilities of cloud computing and cybersecurity. Whether you're a seasoned cybersecurity professional, a cloud enthusiast, or someone just stepping into the digital frontier, there's something here for you.