SQL Injection – querying the database type and version | PortSwigger Lab Note #6

target： Lab URL: https://portswigger.net/web-security/learning-paths/sql-injection/sql-injection-examining-the-database-in-sql-injection-attacks/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft Tools Used: browser Burp suite Vulnerability Summary： Type: SQL Injection Description: Steps to Exploit： 1.Determine the number of columns and which columns contain string data. 2.If the error-based payload fails, try changing the comment format. 3.According to the cheat sheet, determine that the database version is MySQL, and note the space after the double dash. 4.Solve the lab with the correct payload to disclose the MySQL version information. Remediation： Use parameterized queries / prepared statements Use server‑side input validation Escape and sanitize user input Lessons Learned：

SQL Injection – querying the database type and version | PortSwigger Lab Note #6

Related Articles

Vibe Coding Isn’t for Everyone (And That’s the Point)

Sometimes We Make Mistakes (Meta’s Cost $80 Billion)

Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)

How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode

Clean Code Principles Every Software Engineer Should Follow

Related Articles

How-To
Vibe Coding Isn’t for Everyone (And That’s the Point)
Medium Programming • 16h ago

How-To
Sometimes We Make Mistakes (Meta’s Cost $80 Billion)
Medium Programming • 16h ago

How-To
Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)
Dev.to Beginners • 17h ago

How-To
How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode
Medium Programming • 18h ago

How-To
Clean Code Principles Every Software Engineer Should Follow
Medium Programming • 19h ago