.png)
Go to User Lookup page http://127.0.0.1/index.php?page=user-info.php
in this case we need to find the number of columns, the idea is to user the SQL operator 'ORDER BY' to simulate a sorting of column, if we'll have a SQL error for the column with number columns_number + 1, it means that the columns_number tested was correct
Payload -> ' ORDER BY columns_number+1 #
.png)
No SQL error, than 5 columns isn't the correct answer, continuing 10 is the correct answer because ' ORDER BY 11 # payload generates a SQL error:
.png)