Burp Suite User Forum


Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Dawid | Last updated: Apr 17, 2024 09:42PM UTC

Hi, referring to the lab I named in the subject, I am following the lab solution and either I am doing something wrong or there is some bug. I am on the Tech Gifts page, and trying this address directly from my browser (blablabla = some characters only for this lab):

https://blablabla.web-security-academy.net/filter?category=Tech+gifts'+OR+1=1--

trying by encoding html:

https://blablabla.web-security-academy.net/filter?category=Tech+gifts'%2bOR%2b1%3d1--

by Repeater:

GET /filter?category=Accessories'+OR+1%d1-- HTTP/2

I tried only ' OR 1=1-- etc. but no results, and I still get HTTP 500 - internal server error. Am I doing something wrong? Can I ask someone to check it? Thank you in advance, Dawid.

Dominyque, PortSwigger Agent | Last updated: Apr 18, 2024 09:13AM UTC

Hi Dawid, we have tested the lab and can confirm that it works as intended. I have added a screenshot showing the changes I made to Repeater to solve the lab: https://snipboard.io/Ab40WJ.jpg

Dawid | Last updated: Apr 19, 2024 11:58AM UTC

Hm. I did exactly like you. Please check the screenshot, still no success :< https://snipboard.io/1AQONW.jpg

Dominyque, PortSwigger Agent | Last updated: Apr 19, 2024 12:43PM UTC

Hi Dawid. Are you using the embedded browser to attempt the lab or an external browser? If you send a normal request from Repeater, do you still receive the RST_STREAM error? For example, proxy the home page of that lab, send the request to Repeater, and then press send. Do you receive a response or get the RST_STREAM error message at the bottom of Repeater?

Dawid | Last updated: Apr 21, 2024 08:31PM UTC

Hi Dominyque, I use Firefox for that, but I don't have any issues with the proxy; I configured it as PortSwigger asked - I don't experience other problems than only in this lab. If I send the home page from Repeater, everything is OK and I get 200, please check below: https://snipboard.io/u4gaV0.jpg so it seems like no browser issue. I tried it once again (firstly I checked it from the first path, server-side vulnerabilities) and now I can retry it in SQL injection (the same lab) but it still doesn't work and shows me lab not solved. That's crazy :D

Ben, PortSwigger Agent | Last updated: Apr 22, 2024 07:59AM UTC

Hi Dawid, To confirm, are you still not receiving a response when you try and send the payload for the SQL lab? If you could perform the test of sending the request to the home page of the lab, and make sure you are receiving a 200 response, and then try and send the request in the written solution to solve the lab can you confirm what you are then seeing?
