SQL Injection – listing the database contents on non-Oracle databases | PortSwigger Lab Note #7

target： Lab URL: https://portswigger.net/web-security/learning-paths/sql-injection/sql-injection-examining-the-database-in-sql-injection-attacks/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle# Tools Used: browser Burp suite Vulnerability Summary： Type: SQL Injection Description: The application has a login function, and the database contains a table that holds usernames and passwords. You need to determine the name of this table and the columns it contains, then retrieve the contents of the table to obtain the username and password of all users. To solve the lab, log in as the administrator user. Steps to Exploit： 1.Determine the number of columns and which columns contain string data. 2.retrieve the list of tables in the database 3.Find the name of the table containing user credentials. 4.retrieve the details of the columns in the table vulnerable 5.Find the names of the columns containing usernames and passwords 6.retrieve the usernames and passwords fo

SQL Injection – listing the database contents on non-Oracle databases | PortSwigger Lab Note #7

Related Articles

Start Here: Learning to develop your own way with SCSIC

Vibe Coding Isn’t for Everyone (And That’s the Point)

Sometimes We Make Mistakes (Meta’s Cost $80 Billion)

Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)

How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode

Related Articles

How-To
Start Here: Learning to develop your own way with SCSIC
Medium Programming • 15h ago

How-To
Vibe Coding Isn’t for Everyone (And That’s the Point)
Medium Programming • 16h ago

How-To
Sometimes We Make Mistakes (Meta’s Cost $80 Billion)
Medium Programming • 16h ago

How-To
Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)
Dev.to Beginners • 17h ago

How-To
How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode
Medium Programming • 18h ago