Burp Suite User Forum

Login to post

I can't complete a sql lab

smodnix | Last updated: Sep 06, 2020 04:10PM UTC

Is there a problem at this lab? Because i am not able to execute correct payloads. https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft

smodnix | Last updated: Sep 07, 2020 05:27AM UTC

This payload ``' UNION SELECT @@version, NULL-- -`` worked instead of ``'+UNION+SELECT+@@version,+NULL#``

Ben, PortSwigger Agent | Last updated: Sep 07, 2020 07:41AM UTC

Hi, Are you entering the second payload via Burp or directly in the address bar of your browser? There is a special character in the second payload that means that you either have to deliver it via Burp or encode it if you wish to enter it directly into the address bar of your browser.

You need to Log in to post a reply. Or register here, for free.