Burp Suite User Forum


"Lab: Blind SQL injection with conditional responses" syntax question

Lucas | Last updated: Aug 25, 2022 06:41AM UTC

The following are given as examples about how to test for truth:

TrackingId=xyz' AND (SELECT 'a' FROM users LIMIT 1)='a
TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator')='a
TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>1)='a

I've looked around and asked questions about this, but I'm still not sure I understand. How is the string 'a' being returned within the parentheses? This essentially becomes 'a' = 'a' from what I understand. So if whatever is after SELECT 'some string' is true/exists, then whatever string you entered is returned? Is this some strange phenomenon of SQL? Or is there the string 'a' somewhere in the data set behind the scenes?

Lucas | Last updated: Aug 25, 2022 06:50AM UTC

Or maybe the string 'a' is coming from just the first part of the word/string administrator. I now suspect this might be the answer.
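The semantics the question above asks about can be checked offline. In `SELECT 'a' FROM users WHERE ...` the `'a'` is a literal in the select list: the database emits it once for every row that satisfies the WHERE clause and never reads it from the table, so the subquery yields `'a'` when a matching row exists and no row at all (which compares as NULL, not true) when none does. The script below is an added example written for this thread, not code from the lab or from PortSwigger; it builds a constructed in-memory SQLite database (the `users`/`tracking` tables and their contents are assumptions), shows the literal-select behaviour directly, runs the three payloads quoted in the post through a constructed lookup that concatenates the cookie value into its query, and contrasts it with the parameterised form that treats the whole value as data.

```python
import sqlite3

# Constructed in-memory database standing in for the lab's back end; the table
# names and contents are assumptions for this example, not the lab's real schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("administrator", "s3cret-pw"), ("wiener", "peter")],
    )
    conn.execute("CREATE TABLE tracking (id TEXT)")
    conn.execute("INSERT INTO tracking VALUES ('xyz')")
    conn.commit()
    return conn


def constant_select(conn, condition):
    """Rows produced by SELECT 'a' FROM users WHERE <condition>.

    The 'a' is a literal in the select list: it is emitted once per row that
    satisfies the WHERE clause and is never read from the table. <condition>
    is a fixed string chosen inside this example, not user input.
    """
    return conn.execute(f"SELECT 'a' FROM users WHERE {condition}").fetchall()


def vulnerable_lookup(conn, tracking_id):
    """The flawed pattern the lab models: the cookie value is concatenated
    into the query, so a quote inside it ends the string and the remainder is
    parsed as SQL. Returns True when the query finds a matching tracking row,
    i.e. when the whole WHERE clause (including any injected condition) is true."""
    sql = "SELECT COUNT(*) FROM tracking WHERE id = '" + tracking_id + "'"
    return conn.execute(sql).fetchone()[0] > 0


def safe_lookup(conn, tracking_id):
    """The fix: a parameterised query binds the whole value as data, so the
    same payload is simply an unknown tracking id and no condition is evaluated."""
    sql = "SELECT COUNT(*) FROM tracking WHERE id = ?"
    return conn.execute(sql, (tracking_id,)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    # The literal is returned per matching row; no row means no 'a' at all.
    print(constant_select(db, "username = 'administrator'"))  # [('a',)]
    print(constant_select(db, "username = 'nobody'"))         # []
    true_case = "xyz' AND (SELECT 'a' FROM users WHERE username='administrator')='a"
    false_case = "xyz' AND (SELECT 'a' FROM users WHERE username='nobody')='a"
    print(vulnerable_lookup(db, true_case), vulnerable_lookup(db, false_case))  # True False
    print(safe_lookup(db, true_case))  # False
```

The false case is worth noting: when the WHERE clause matches nothing, the subquery returns no row, the comparison `(...)='a'` evaluates to NULL rather than false, and `'xyz' = 'xyz' AND NULL` is still not true, so the tracking row is not found. That is why the lab's two response states line up with the truth of the injected condition, and why the parameterised version shows no such difference.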
