SQL Injection – UNION attack, retrieving multiple values in a single column | PortSwigger Lab Note #5

target： Lab URL: https://portswigger.net/web-security/learning-paths/sql-injection/sql-injection-retrieving-multiple-values-within-a-single-column/sql-injection/union-attacks/lab-retrieve-multiple-values-in-single-column Tools Used: browser Burp suite Vulnerability Summary： Type: SQL Injection Description: To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user Steps to Exploit： 1.Determine the number of columns and which columns contain string data. '+UNION+SELECT+NULL,username||'~'||password+FROM+users-- 2.Modify the payload and send the request to the server. 3.The username and password will be shown on the page. Remediation： Use parameterized queries / prepared statements Use server‑side input validation Escape and sanitize user input Lessons Learned：

SQL Injection – UNION attack, retrieving multiple values in a single column | PortSwigger Lab Note #5

Related Articles

Start Here: Learning to develop your own way with SCSIC

Vibe Coding Isn’t for Everyone (And That’s the Point)

Sometimes We Make Mistakes (Meta’s Cost $80 Billion)

Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)

How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode

Related Articles

How-To
Start Here: Learning to develop your own way with SCSIC
Medium Programming • 15h ago

How-To
Vibe Coding Isn’t for Everyone (And That’s the Point)
Medium Programming • 16h ago

How-To
Sometimes We Make Mistakes (Meta’s Cost $80 Billion)
Medium Programming • 16h ago

How-To
Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)
Dev.to Beginners • 17h ago

How-To
How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode
Medium Programming • 18h ago