Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

lab bug (SQL injection attack, querying the database type and version on MySQL and Microsoft)

Behrooz | Last updated: Aug 17, 2023 07:08PM UTC

I think this lab (https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft) is not working. Even I tried the Solution and that did not work!

Dominyque, PortSwigger Agent | Last updated: Aug 18, 2023 09:33AM UTC

Hi I have just tested the lab and can confirm that it works as it should. Are you attempting to add the payload in the browser or the Repeater tab and then sending the modified request? Please be aware of URL encoding if you are using the browser method.

Behrooz | Last updated: Aug 18, 2023 04:36PM UTC

Hi, Thanks for the tip. It worked after changing # to %23 (and --[space] to --+). Thank you

Ammar | Last updated: Aug 18, 2023 06:31PM UTC

Hi, Mostly, special characters create issues, You can decode those characters in the decoder tab as URL. Thanks,

Dominyque, PortSwigger Agent | Last updated: Aug 21, 2023 07:19AM UTC

Hi Thanks, Ammar, for updating the thread with that tip!

You need to Log in to post a reply. Or register here, for free.