SQL Injection – UNION attack | PortSwigger Lab Note #3

target： Lab URL: https://portswigger.net/web-security/learning-paths/sql-injection/sql-injection-determining-the-number-of-columns-required/sql-injection/union-attacks/lab-determine-number-of-columns Tools Used: browser Burp suite Vulnerability Summary： Type: SQL Injection Description: To solve the lab, determine the number of columns returned by the query by performing a SQL injection UNION attack Steps to Exploit： 1.Click any category to send a request to the server and check the query. 2.Modify the parameter multiple times, then try to determine the number of columns returned by the query. 3.If there are no errors, you have found the number of columns. Remediation： Use parameterized queries (prepared statements) instead of dynamic SQL. Apply strict input validation on user-supplied data. Use least-privileged database accounts to reduce impact. Lessons Learned：

SQL Injection – UNION attack | PortSwigger Lab Note #3

Related Articles

Start Here: Learning to develop your own way with SCSIC

Vibe Coding Isn’t for Everyone (And That’s the Point)

Sometimes We Make Mistakes (Meta’s Cost $80 Billion)

Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)

How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode

Related Articles

How-To
Start Here: Learning to develop your own way with SCSIC
Medium Programming • 13h ago

How-To
Vibe Coding Isn’t for Everyone (And That’s the Point)
Medium Programming • 15h ago

How-To
Sometimes We Make Mistakes (Meta’s Cost $80 Billion)
Medium Programming • 15h ago

How-To
Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)
Dev.to Beginners • 16h ago

How-To
How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode
Medium Programming • 17h ago