The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Bchecks bug?

and0x00 | Last updated: Jun 06, 2024 06:39PM UTC

I don't understand, but this just doesn't work for me.

```
metadata:
    language: v2-beta
    name: "Sql Injection"
    description: "Classic SQL Injection"

given query insertion point then
    if {base.response.status_code} is "200" then
        send payload called weaponized:
            appending: "'"

        if {weaponized.response.status_code} differs from {base.response.status_code} then
            send payload called benign:
                appending: "''"

            if {benign.response.status_code} is {base.response.status_code} then
                report issue:
                    severity: high
                    confidence: certain
                    detail: `When adding a single quote, the status code of the response changed from {base.response.status_code} to {weaponized.response.status_code}. When two quotes were injected, the status code of the response reverted to {base.response.status_code}. This indicates that the server is passing the user-supplied value to a database without first sanitizing the input.`
                    remediation: "Never pass user input directly to a database, use prepared statements when interacting with SQL databases!"
            end if
        end if
    end if
```

In the output, I see things like "When adding a single quote, the status code of the response changed from 200 to 200." And I simply copied this from a PortSwigger video 'https://www.youtube.com/watch?v=NaiQMJk4nus'. I don't understand, help.

and0x00 | Last updated: Jun 06, 2024 06:41PM UTC

I tested this on the last 3 versions: 2024.5.1, 2024.4.5, 2024.5.

and0x00 | Last updated: Jun 06, 2024 07:28PM UTC

Works! Change

`if {weaponized.response.status_code} differs from {base.response.status_code} then`

to

`if not ({weaponized.response.status_code} is {base.response.status_code}) then`

```
metadata:
    language: v2-beta
    name: "Sql Injection"
    description: "SQL Injection"

given query insertion point then
    if {base.response.status_code} is "200" then
        send payload called weaponized:
            appending: "'"

        if not ({weaponized.response.status_code} is {base.response.status_code}) then
            send payload called benign:
                appending: "''"

            if {benign.response.status_code} is {base.response.status_code} then
                report issue:
                    severity: high
                    confidence: certain
                    detail: `When adding a single quote, the status code of the response changed from {base.response.status_code} to {weaponized.response.status_code}. When two quotes were injected, the status code of the response reverted to {base.response.status_code}. This indicates that the server is passing the user-supplied value to a database without first sanitizing the input.`
                    remediation: "Never pass user input directly to a database, use prepared statements when interacting with SQL databases!"
            end if
        end if
    end if
```
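Added example, not part of the original thread and not PortSwigger code: a Python model of the three-request logic the BCheck above encodes, run against a constructed SQLite lookup written once with string concatenation and once with a bound parameter. The handler names, the table and the 200/500 status mapping are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: an in-memory table standing in for the application's database.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE products (name TEXT)")
DB.execute("INSERT INTO products VALUES ('widget')")

def vulnerable_handler(q):
    """Builds SQL by string concatenation; an unbalanced quote breaks the statement."""
    try:
        DB.execute("SELECT name FROM products WHERE name = '" + q + "'").fetchall()
        return 200
    except sqlite3.Error:
        return 500  # assumed: the application surfaces database errors as HTTP 500

def parameterized_handler(q):
    """Prepared statement: the value is bound as data and never parsed as SQL."""
    try:
        DB.execute("SELECT name FROM products WHERE name = ?", (q,)).fetchall()
        return 200
    except sqlite3.Error:
        return 500

def quote_check(handler, value="widget"):
    """Mirrors the BCheck's steps; returns (would_report, base, weaponized, benign)."""
    base = handler(value)
    if base != 200:
        return (False, base, None, None)
    weaponized = handler(value + "'")
    if weaponized == base:
        # No status change on the single quote: nothing to report.
        return (False, base, weaponized, None)
    benign = handler(value + "''")
    return (benign == base, base, weaponized, benign)

if __name__ == "__main__":
    print("concatenated :", quote_check(vulnerable_handler))
    print("parameterized:", quote_check(parameterized_handler))
```

With correct comparisons, a report can only be raised when the single-quote status differs from the base status, so an issue detail reading "changed from 200 to 200" means the comparison itself did not behave as written.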

Michelle, PortSwigger Agent | Last updated: Jun 07, 2024 07:49AM UTC