Lab 9: SQL Injection UNION Attack (Retrieving Data from Other Tables) 

Attack Vector Used

  1. SQL Injection (SQLi) via the product category filter parameter.
  2. Exploits improper input sanitization to manipulate the SQL query and extract data from other tables (e.g., `users`).

Exploitation Steps

  1. Intercept the Request with Burp Suite
     • Capture the HTTP request containing the category filter.
     • Send it to Burp Repeater for manipulation.
  2. Determine the Number of Columns
     • Using: '+UNION+SELECT+'abc','def'--
     • If successful, confirms two columns (both text-based).
  3. Extract Data from the `users` Table
     • Using: '+UNION+SELECT+username,+password+FROM+users--
     • Verify the response contains usernames and passwords.
  4. Use the username and password provided to log in.

Mitigation Strategies

  1. Use Prepared Statements (Parameterized Queries): Prevents SQLi by separating code from data. 
  2. Input Validation & Sanitization: Restrict input to expected formats (e.g., allow only alphanumeric for categories). 
  3. Least Privilege for Database Users: Limit DB user permissions (e.g., `SELECT` only on required tables). 
  4. Web Application Firewall (WAF): Blocks malicious payloads (e.g., SQLi patterns). 
  5. Regular Security Testing: Conduct penetration testing and code reviews to catch vulnerabilities early. 
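To make mitigations 1 and 2 concrete, here is an added example (not part of the lab or its target application) that models the category filter with an in-memory SQLite database: the string-concatenated query lets the lab's UNION payload pull rows out of `users`, while the parameterized query treats the same input as plain data and an allow-list check rejects it before it reaches the database. The table layout, rows and the `Gifts` category are constructed assumptions for this demonstration.

```python
import re
import sqlite3

# Constructed schema and rows for the demonstration; not the lab's real data.
SCHEMA = """
CREATE TABLE products (name TEXT, category TEXT);
CREATE TABLE users (username TEXT, password TEXT);
INSERT INTO products VALUES ('Mug', 'Gifts'), ('Leash', 'Pets');
INSERT INTO users VALUES ('administrator', 'example-password');
"""

# The lab's second payload, URL-decoded ('+' -> space).
PAYLOAD = "' UNION SELECT username, password FROM users--"

CATEGORY_RE = re.compile(r"^[A-Za-z0-9 ]{1,32}$")


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, category):
    # Before: the category is pasted into the SQL text, so the quote, UNION
    # and comment marker in the input are parsed as part of the query.
    sql = "SELECT name, category FROM products WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, category):
    # Prepared statement: the value is bound as a parameter and is never
    # interpreted as SQL, so the payload simply matches no product row.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


def is_valid_category(category):
    # Allow-list validation: categories are expected to be short alphanumeric
    # names, so anything containing quotes or SQL keywords is rejected early.
    return CATEGORY_RE.fullmatch(category) is not None


def validated_lookup(conn, category):
    # Defence in depth: validate first, then use the parameterized query.
    if not is_valid_category(category):
        raise ValueError("invalid category")
    return safe_lookup(conn, category)
```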

Conclusion 

This lab demonstrates how a UNION-based SQL injection can bypass filters and extract sensitive data. Always secure applications with proper coding practices and defensive measures.
