Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

'Lab: Blind SQL injection with conditional responses' not working

João | Last updated: Dec 14, 2023 02:23PM UTC

Hello, I've been trying to solve the lab, but not even testing exactly the way the Academy is teaching or how community solutions were made (almost no difference at all) I can solve. I'm supposed to test for SQL payloads on 'TrackingId' cookie and wait for an 'Welcome back!' response (i.e. "TrackingId=xyz AND '1'='1" should return me 'Welcome back!', but "TrackingId=xyz AND '1'='2" should not return me nothing). When I test for it, nothing happens...but when I try with the 'session' cookie, even if its an logical error such as '1'='2, I receive an "Welcome back!" message. I tried to reset the lab 3 times and all the times it's the same thing. Can someone help me?

Jared | Last updated: Dec 14, 2023 04:32PM UTC

I'm also having trouble with the same lab at the moment. I'm to the point of deducing the password with the method they suggest and I can get most of the characters, but there are 1 or 2 instances every time I reload it where I don't get the "Welcome back" response at all at a certain index position.

Dominyque, PortSwigger Agent | Last updated: Dec 15, 2023 09:20AM UTC

Hi Both I have just tested the lab and can confirm that it works as it should. Have you watched the community solution videos for further guidance?

Neilz | Last updated: Mar 29, 2024 04:50AM UTC

I have tried to complete the lab 'Blind SQL injection with conditional errors' several times now, but the lab keeps shutting down. I'm using the community edition .I have tried it on Linux and Windows machines. What am I doing wrong. Thank you

Dominyque, PortSwigger Agent | Last updated: Mar 29, 2024 07:56AM UTC

Hi Neilz

I am sorry that you are experiencing this.

Is there a specific point where the lab keeps shutting down, or is it random?

Can you please specify what you mean by 'shutting down'? Are there error messages present that you can share?

It might be easier to send screenshots/ screen recordings of your attempt at the lab so we can observe the behavior you are experiencing. You can send these to support@portswigger.net

Neilz | Last updated: Mar 30, 2024 05:49PM UTC

I am going to try the lab using the Portswigger browser to see if this remedies the problem. I have been using the firefox browser. I appreciate you Dominyque ;)

Neilz | Last updated: Mar 30, 2024 08:01PM UTC

That seemed to do the trick, lab solved. I love this tool and the academy. Much respect to you and the team.

Dominyque, PortSwigger Agent | Last updated: Apr 01, 2024 06:29AM UTC

Hi Neilz Thank you for letting me know you were able to solve the lab! We appreciate your kind words :)

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.