Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Error in Academy? Lab: Blind SQL injection with conditional responses

Javier | Last updated: Apr 30, 2020 08:43AM UTC

Hi, First of all, thanks for you Academy, i am really enjoining it. I'd like ask you a dought. I am in: Lab: Blind SQL injection with conditional responses But i cant reproduce the examples and the solution that is in the web. The solution has: TrackingId=x'+OR+1=2-- Are you sure that is a OR? I think it has to be an "AND". If i send: Cookie: TrackingId=wGrRnkzzW7UHNVFb'+OR+2=1--; I receive: <div>Welcome back!</div><p>|</p> The same happends with the payload of the explication: ' UNION SELECT 'a' WHERE 2=1--; I receive the Welcome mensage: <div>Welcome back!</div><p>|</p> Now, i am with: Lab: Blind SQL injection with conditional errors I think it happends something seems, but im no sure. I'm traying... right now. Thanks again.

Uthman, PortSwigger Agent | Last updated: Apr 30, 2020 09:08AM UTC

You are sending your actual TrackingId cookie instead of the 'x' in the solution so you are creating a true condition instead of a false one. Your solution: TrackingId=wGrRnkzzW7UHNVFb'+OR+2=1-- == TRUE. Since this is a comparison against a TRUE/FALSE condition, it ultimately evaluates as TRUE. Our solution: TrackingId=x'+OR+1=2--. This creates a FALSE condition since your tracking ID is not equal to x and 1 = 2 is not TRUE. Can you replace your TrackingId cookie with x and see if that works? (The 'Welcome back' message should not appear)

Javier | Last updated: Apr 30, 2020 12:51PM UTC