Burp Suite User Forum

About the Web Academy content

Ezau | Last updated: Nov 15, 2021 06:44PM UTC

Hi. I'm completely new to hacking and I'm learning web hacking through the academy here. I've noticed that some labs in the academy have their contents differing from the solutions provided by the academy.

For example: in this learning material about blind SQL injection (https://portswigger.net/web-security/sql-injection/blind), you can see that the material teaches the following command:

    xyz' AND SUBSTRING((SELECT Password FROM Users WHERE Username = 'Administrator'), 1, 1) > 'm

I spent like 4 hours trying to solve one of the labs for this topic (this lab: https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses) with no success, till I decided to see the solutions provided. In the solution, I discovered the command was wrong. To solve the lab, the following command is used:

    xyz' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='administrator')>'m

Look at the difference between the two commands. It's like the SELECT and SUBSTRING words were in the wrong position (the SELECT comes first in the right query).

Another lab where this kind of thing happens is this one (https://portswigger.net/web-security/sql-injection/blind/lab-conditional-errors), where the learning material shows this code:

    xyz' AND (SELECT CASE WHEN (Username = 'Administrator' AND SUBSTRING(Password, 1, 1) > 'm') THEN 1/0 ELSE 'a' END FROM Users)='a

and the solution provided uses this kind of code:

    xyz'||(SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM dual)||

Look at the double pipes "||" used. They were not mentioned in the learning material for this lab.

I noticed this kind of thing happens in more labs (I already found 4 or 5 labs like these). I came here to ask if the content of the web academy isn't updated or if this kind of thing is done on purpose, hoping that the student can discover this kind of error in the code, so I feel dumb for not solving the lab without seeing the solution.

So, I came here to ask this because when I get stuck in the labs and read the solution provided, I usually find that solving the lab needs something that was not mentioned in the learning material. Is the content not updated, or is it just that I'm not getting things right? Thanks!

Michelle, PortSwigger Agent | Last updated: Nov 16, 2021 02:17PM UTC

Hi,

Thanks for your message. The learning materials will sometimes give different examples from the ones used in the solutions for the labs. This might relate to the type of database being used in the lab or there can be more than one way of constructing the SQL statement. We deliberately don't list all possible options as we want you to use the information provided to help you start to build your own queries and build your knowledge.

In the Blind SQL injection with conditional responses lab (https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses), when trying to find the password, you can either use the suggestion from the solution:

    TrackingId=xyz' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='administrator')='§a§

or create a slightly different SQL query based on the suggestion from the learning materials:

    TrackingId=xyz' AND SUBSTRING((SELECT Password FROM Users WHERE username='administrator'), 1, 1) ='§a§

(as suggested by the learning materials but with the username updated to reflect the username being used by the lab, which starts with a lowercase a). I hope this makes sense, feel free to give it a try :).

Again, with the double pipes, although this is one of the options we don't cover in detail on the main learning materials page, we do describe it in the SQL injection cheat sheet, which is intended to provide you with the building blocks you need to create your own SQL queries: https://portswigger.net/web-security/sql-injection/cheat-sheet

I hope you're enjoying the labs. Please do not feel disheartened if you need to read a solution to solve a lab; the solutions are also there to help provide you with a way of learning, not just so that you can check your answers. Once you have completed a lab you can revisit it and try to solve it again at a later stage, so if you have used the solution the first time around you can revisit the lab and try it again later without using the solution.

There is a lot to learn so it can take time, we hope you enjoy the journey.

Cheers
Michelle Gillian
Technical Product Specialist
PortSwigger
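Added example, not part of either post and not PortSwigger's code: a local SQLite check that the two SUBSTRING placements discussed above evaluate identically, that the capitalised username from the learning material matches no row, and that a parameterized lookup treats all three strings as plain data. Assumptions: SQLite stands in for the lab database (so SUBSTRING is written SUBSTR and string comparison is case-sensitive), and the `tracking` table, the function names and the sample password are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: users table/columns follow the thread, values are made up.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 'q7-constructed');
        CREATE TABLE tracking (id TEXT);
        INSERT INTO tracking VALUES ('xyz');
    """)
    return db

def lookup_concatenated(db, tracking_id):
    # Vulnerable pattern: the cookie value becomes part of the SQL text.
    sql = "SELECT id FROM tracking WHERE id = '" + tracking_id + "'"
    return db.execute(sql).fetchone() is not None

def lookup_parameterized(db, tracking_id):
    # Hardened pattern: the cookie value is bound as data, never parsed as SQL.
    row = db.execute("SELECT id FROM tracking WHERE id = ?", (tracking_id,)).fetchone()
    return row is not None

# The conditions from the thread, with SUBSTRING written as SQLite's SUBSTR.
CONDITIONS = {
    "solution form": "xyz' AND (SELECT SUBSTR(password,1,1) FROM users "
                     "WHERE username='administrator')>'m",
    "material form, lowercase username": "xyz' AND SUBSTR((SELECT password FROM users "
                     "WHERE username='administrator'),1,1)>'m",
    "material form, 'Administrator'": "xyz' AND SUBSTR((SELECT password FROM users "
                     "WHERE username='Administrator'),1,1)>'m",
}

def compare():
    # Returns {name: (concatenated_result, parameterized_result)} for each condition.
    db = make_db()
    return {name: (lookup_concatenated(db, value), lookup_parameterized(db, value))
            for name, value in CONDITIONS.items()}

if __name__ == "__main__":
    for name, (concatenated, parameterized) in compare().items():
        print(f"{name:36} concatenated={concatenated!s:5} parameterized={parameterized}")
```

With the capitalised username the subquery returns NULL, so the comparison is NULL and the row is filtered out whichever way SELECT and SUBSTR are nested.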
