3 Lab SQL injection UNION attack, determining the number of columns returned by the query
SQL injection vulnerability exists in the product category filter
- Open the product page
- Click on the first product category
- In the address bar, add the following after the category value:
'UNION+SELECT+NULL--
- An internal error should pop up on screen (the column counts of the two SELECTs do not match)
- Go back or refresh and keep adding NULLs, one per attempt, until the page is printed to the screen without the error; the number of NULLs in the working payload is the number of columns returned by the query:
'UNION+SELECT+NULL,NULL--
'UNION+SELECT+NULL,NULL,NULL--
OR
- Open the product page
- Fire up Burp Suite and open the Burp browser
- Proxy tab
- Intercept tab
- Turn intercept on
- Click on the first category
- Modify the intercepted GET request: at the end of the category value add
'UNION+SELECT+NULL--
- An internal error should pop up on screen
- Go back or refresh and keep adding NULLs until the page is printed to the screen without the error:
'UNION+SELECT+NULL,NULL--
'UNION+SELECT+NULL,NULL,NULL--
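Why the error appears and why the fix removes it, as an added example that is not part of the lab or these notes: a constructed in-memory SQLite table stands in for the product catalogue, `filter_vulnerable` builds the category query by string concatenation (the lab's bug), and `filter_hardened` binds the value as a parameter so the same probe is just an unmatched category name. Table contents and function names are assumptions, not the lab's.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the lab's product table (not the lab's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price INTEGER, category TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Lamp", 30, "Gifts"), ("Mug", 10, "Gifts"), ("Chair", 90, "Furniture")],
    )
    return conn


def filter_vulnerable(conn, category):
    """String-concatenated query: the category value becomes part of the SQL text.

    Returns (rows, None) on success, or ([], error_text) when the database rejects
    the statement. A UNION whose column count differs from the original SELECT is
    rejected, which is the 'internal error' the lab shows; once the counts match,
    the query runs and the page renders again.
    """
    sql = "SELECT name, price FROM products WHERE category = '" + category + "'"
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.OperationalError as exc:
        return [], str(exc)


def filter_hardened(conn, category):
    """Parameterised query: the value is bound, never parsed as SQL, so the
    probe cannot change the statement's shape and simply matches no category."""
    sql = "SELECT name, price FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    for probe in ["' UNION SELECT NULL--", "' UNION SELECT NULL,NULL--"]:
        print(repr(probe), "->", filter_vulnerable(conn, probe))
    print("hardened:", filter_hardened(conn, "' UNION SELECT NULL,NULL--"))
```

The mitigation is the parameterised form; the concatenated form is kept only to show the error-versus-success signal that the column-counting step relies on.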