Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Academy, SQL-Injection, Microsoft Version request

Volker | Last updated: May 20, 2021 10:34PM UTC

Hi, I am injecting - according to the solution and to the video - the following string into the database: https://ac1e1f9b1f4ba0a980e0fc0a0029005b.web-security-academy.net/filter?category=Gifts'+UNION+SELECT+'a','a'# And it throws an error. Why? Best Volker

Michelle, PortSwigger Agent | Last updated: May 21, 2021 02:13PM UTC

Hi Volker So we can help, can I double-check the name of the lab you're currently working on, please? Is it 'SQL injection attack, querying the database type and version on MySQL and Microsoft'?

Volker | Last updated: May 25, 2021 05:03AM UTC

Yes, you are right. That is the actual lab I am talking about.

Ben, PortSwigger Agent | Last updated: May 25, 2021 10:12AM UTC

Hi Volker, Are you entering your payload directly into the address bar of your browser or using Burp? If you are entering this directly (rather than using Burp as the solution suggests) then you need to consider whether a certain, special character needs to be encoded.

Volker | Last updated: May 27, 2021 04:46AM UTC

Thanks for the fast response.. ... and sorry for this really stupid question. I could have thought of that myself.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.