SQL Injection – UNION attack, retrieving data from other tables | PortSwigger Lab Note #4

Published: 9 hours ago (March 9, 2026 at 09:20 AM EDT)

1 min read

Source: Dev.to

Source: Dev.to

Target

Lab URL: SQL Injection – UNION attack, retrieving data from other tables

Tools Used

Browser
Burp Suite

Vulnerability Summary

Type: SQL Injection
Description:
To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user.

Steps to Exploit

Using the technique mentioned in the previous note, determine the number of columns returned by the query and which columns contain text data. Verify that the query returns two columns, both of which contain text.
Inject the payload and obtain the password belonging to the administrator.

Remediation

Use parameterized queries / prepared statements.
Implement server‑side input validation.
Escape and sanitize user input.

Lessons Learned

When you have determined the number of columns returned by the original query and identified which columns can hold string data, you are in a position to retrieve interesting data.

SQL Injection – UNION attack, retrieving data from other tables | PortSwigger Lab Note #4

Target

Tools Used

Vulnerability Summary

Steps to Exploit

Remediation

Lessons Learned

Related posts

How to Build a Custom MCP Tool in Under 10 Min

I Built an Open-Source CLI That Diagnoses Production Incidents in 30 Seconds — Looking for Contributors

Your AI Agent Is Dumpster Diving Through Your Code,,,

Watson's Contract Problem: What AI Teaches Us About Tech Debt