
SQL Injection Portswigger Lab: Extracting Database Contents from non-Oracle Databases #linux

Just wrapped up a SQL injection lab where the goal was to dump the entire user database using a UNION-based attack.

🔹 Vulnerability: The product category filter was injectable.
🔹 Method: Intercepted the request in Burp Suite, determined the number of columns, then enumerated database tables & columns.
🔹 Attack Chain:
1. Used UNION SELECT to find text-based columns.
2. Queried information_schema.tables to find user tables.
3. Extracted column names from information_schema.columns.
4. Pulled usernames & passwords with UNION SELECT.
🔹 Found admin credentia
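The root cause behind the whole chain above is a category filter that splices user input into the SQL string. The example below is added here and is not the lab's code or PortSwigger's; it uses a constructed in-memory SQLite database (table and column names are assumptions) to show the vulnerable filter beside its parameterized replacement, so a defender can see that the same UNION payload reads the users table through the first function and matches nothing through the second.

```python
import sqlite3

# Constructed stand-in for the shop backend (assumption): a products table
# behind the category filter and a users table the attack tries to reach.
SCHEMA = """
CREATE TABLE products (name TEXT, category TEXT);
CREATE TABLE users (username TEXT, password TEXT);
INSERT INTO products VALUES ('Lamp', 'Gifts'), ('Mug', 'Gifts'), ('Chair', 'Furniture');
INSERT INTO users VALUES ('administrator', 'EXAMPLE-PASSWORD'), ('wiener', 'peter');
"""


def open_db():
    """Return a fresh in-memory database loaded with the constructed schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def products_vulnerable(conn, category):
    """Bug: the parameter is formatted into the statement text.

    A value containing a closing quote and UNION SELECT changes the
    structure of the query, which is exactly what the lab exploits.
    """
    sql = f"SELECT name, category FROM products WHERE category = '{category}'"
    return conn.execute(sql).fetchall()


def products_safe(conn, category):
    """Fix: bind the value through a placeholder.

    The driver sends the statement and the value separately, so the input
    can only ever be compared as a category literal and never alters the
    query's shape. The table list stays whatever the developer wrote.
    """
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


# Constructed payload of the kind the lab uses: close the string, append a
# UNION over two text columns, comment out the trailing quote.
PAYLOAD = "' UNION SELECT username, password FROM users--"


def leaked_user_rows(rows, conn):
    """Defender's check: count result rows that are really users rows."""
    users = set(conn.execute("SELECT username, password FROM users").fetchall())
    return sum(1 for row in rows if tuple(row) in users)


if __name__ == "__main__":
    db = open_db()
    print("normal:    ", products_safe(db, "Gifts"))
    print("vulnerable:", products_vulnerable(db, PAYLOAD))
    print("safe:      ", products_safe(db, PAYLOAD))
```

Running the script prints the two Gifts rows for the honest query, both users rows from the vulnerable function, and an empty list from the parameterized one. The `leaked_user_rows` helper is the kind of assertion worth keeping in a regression test after a fix like this: it fails the build if a product query ever returns a row that belongs to the users table.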
