Burp Suite User Forum

Login to post

Academy lab "Blind SQL injection with time delays and information retrieval" times out

Alysson | Last updated: Feb 21, 2021 11:31PM UTC

In a manner similar to my other report (https://forum.portswigger.net/thread/academy-lab-blind-sql-injection-with-conditional-responses-times-out-0a70cd95), this lab also times out after about 390 requests are sent. The problem in this one is that not even Burp Pro edition will cut it. The user is required to send all requests using one thread in any case and more than 700 requests have to be sent. At some point the server starts to return a 504 response with the message "Server Error: Gateway Timeout (0) connecting to SERVER_ID.web-security-academy.net" I can safely assume this lab is broken right now. Is there something you can do to resolve this situation?

Michelle, PortSwigger Agent | Last updated: Feb 22, 2021 03:11PM UTC

Thanks for getting in touch. When you start the attack in Intruder what response times are you seeing for the majority of the responses (excluding the one where the intended delay occurs)? How many characters within the password have you identified before you start seeing the timeout messages?

Alysson | Last updated: Feb 24, 2021 06:02PM UTC

I was able to retrieve 9 characters before the 504 message was returned. I could not save the attack results so I do not know at this time what were the response times involved. I'm positive that the attack would have worked if it was somehow given enough time to complete, though.

Michelle, PortSwigger Agent | Last updated: Feb 25, 2021 03:13PM UTC

I've just tested the lab and was able to test to find all 20 characters, so this is likely to be linked to connection speed rather than the number of requests. If you have time, can you run a test and let me know how long it takes to cycle through the options to test for 1 character and what response times you see, please? If you refresh the home page of the lab after finding each character are you able to continue testing longer?

You need to Log in to post a reply. Or register here, for free.