The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Lab: Blind SQL injection with conditional responses

Tanvir | Last updated: Apr 08, 2020 05:52AM UTC

Tried all the solutions in mind; in the end, even the given solution is not working. Please look. union select 'a' from users where username='administrator' AND length(password)<1 is also returning true, which should be false. And these did not work either: and (select if((length((select password from users where username='administrator')))>1,1,0))

Ben, PortSwigger Agent | Last updated: Apr 08, 2020 08:40AM UTC

Hi, I have just tried this lab and was able to solve it using the solution provided. Are you including the TrackingId=x' portion of the payload when you attempt this lab?

Armaan | Last updated: Jan 01, 2021 08:58PM UTC

Yes, you can just pass through TrackingId=x'+OR+1=1-- and likewise...

Manish | Last updated: Mar 07, 2021 06:13PM UTC

I am not able to intercept the Blind SQL injection with conditional responses website through Burp Suite. Please help me with how to intercept Blind SQL injection with conditional responses.

Ben, PortSwigger Agent | Last updated: Mar 08, 2021 08:22AM UTC