Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨

For the viewers who's wondering what's the datatype used in column1 and column3. The column1 is using int datatype, I think column1 is referring to id number of the product and for column3 it's using decimal datatype which is used in prices. You could try this SQLi attack: ' UNION select 1, ''a", 1.2-- This will evaluate to true because we identified the datatypes correctly.

جزاكى الله خيرا ونفعك وزادك من فضله فى الدنيا والاخرة بأذن الله

Great stuff! Well organized lesson pattern as usual, and the scripting work at the end is highly appreciated.

Great tutorial thanks rana

Hi thanks for the fun videos, there's a little typo, if the lab is not already solved your code will always find the hardcoded string in the hint paragraph.. anyway a really easy fix is using the return code or searching for the error message inverting the match searching for 'Internal Server Error' not in r.text or using soup.find_all("th", string=stringa) as condition

Rana, thank you so much for these lessons. I hope you get to more of these long versions.

super helpful tutorials Mrs. Rana.... looking forward to more portswigger lab solution videos by you!!

This is truly gold, thanks a million

Script time is very exciting

Your content also very useful. More videos upload we are support your videos

Very very helpfull.... Thanks alot

Very detailed video.I liked ur explanation...Keep uploading such contents👍👍

Very good class!

Great Job Bud ! :-)

thanks for tutorial

Programming this was tricky and interesting (using C code)...

Great !!!!!!!

Hi, first thank you for this great tuto. But i don't understand why you don't have to use URL encoded in the second request when finding thé column type ?

We can UNION columns of different data types in majority of SQL databases like MySQL, SQLite etc there are only few DBMS like Microsoft access and Db2 which doesn't gives Unioned columns output because those columns have different data types so can we assume that in this lab one of these two DBMS are taken in use ?

thank you it was helpful , but i get error everytime i try to run the program , but i guess this is not problem with the code , its just with my pc

thanks for the video, but apparently something has changed on the site and now, even with an error of 500, there is a mention in the response body of the line that needs to be received and therefore the script says that it found the text in 1 column

In lab 4 I will get some error like an error occurred.we apologise for the inconvenience help me

I love your videos but you waste too much time going over what you did in the last video, maybe you are doing it to make your videos longer but it is indeed time wasting.