Burp Suite User Forum

Login to post

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

Nicolas | Last updated: Sep 12, 2021 10:22AM UTC

Hello! I am currently trying to solve this lab and I am not sure if I am doing something wrong but even if I put the solution given, there seems to be some kind of internal server error.Is something like this possible? >'+UNION+SELECT+@@version,+NULL# //This is the solution. >'+ORDER+BY+1# //Does not work either.

Ben, PortSwigger Agent | Last updated: Sep 13, 2021 07:15AM UTC

Hi Nicolas, Are you entering the payload directly into the address bar of your browser or are you using Burp to issue the request containing the payload? If it is the former then you need to consider whether you should be URL encoding a certain, special character that is being used in the payload. If you submit the payload using Burp (as the solution suggests) then the solution provided should work without any further changes required.

Nicolas | Last updated: Sep 14, 2021 11:11AM UTC

Okay! Thank you, will check it out.

You need to Log in to post a reply. Or register here, for free.