Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft [Broken]

Brendan | Last updated: Jan 21, 2020 02:50AM UTC

I'm pretty experienced with SQL injection. I've been doing this lab and I even copied and pasted the answer from the solution section into the proper category and it still is returning a database error. The lab is broken please fix.

Devaraj | Last updated: Mar 09, 2020 06:58PM UTC

Yeah, I also did exactly what you did, @Brendan, and am receiving errors. Please fix the lab.

Ben, PortSwigger Agent | Last updated: Mar 09, 2020 07:13PM UTC

Hi, I have just tried this lab and was able to successfully solve it using the solution provided so the lab is working. The solution will work as stated when you are using Burp to issue the modified request (either via the Proxy or Repeater). If you are entering the payload directly into the browser you will have to think about how to encode the # character (# is a reserved character).

Rohit | Last updated: Apr 27, 2020 10:23AM UTC

This Lab is working fine If you are trying directly from Browser try %23 for(#) and dont forget to put = sign after category i.e category=payload

moyerap | Last updated: Nov 04, 2020 04:22AM UTC

Hi, I am using '-- ' i.e. 'hyphen hyphen and space' for commenting, even then it isn't working. Any ideas as to why it won't be working there ? Thanks.

Luke | Last updated: Jan 07, 2021 03:18AM UTC

If you look at the reference you can see that MySQL requires a space after a -- comment, the browser is probably removing it or you weren't using it, you can append a + to the end to specify a space i.e --+ or use the above method.

0xBones | Last updated: Feb 19, 2021 09:34PM UTC

Thanks for the explanation. @Luke

Sri | Last updated: Jun 03, 2021 12:30PM UTC

use this https://gchq.github.io/CyberChef/#recipe=URL_Encode(true)&input=Iw u need to encode the '#' symbol to '%23' if u want to use the browser

ali | Last updated: Sep 08, 2021 05:23AM UTC

'+UNION+SELECT+NULL,NULL%23 NOT WORKING ON BROWSER AND REPEATER '+UNION+SELECT+'abc','def'# NOT WORKING ON BROWSER AND REPEATER '+UNION+SELECT+@@version,+NULL# DIRECTLY WORKING REPEATER BUT NOT ON BROWSER ALSO WITH %23 NOT WORKING IN BROWSER

Ben, PortSwigger Agent | Last updated: Sep 08, 2021 08:12AM UTC

Hi Ali, Have you tried (if you want to try and solve this by entering the payload directly into the browser): '+UNION+SELECT+@@version,+NULL%23

Nassim | Last updated: Nov 28, 2021 04:05AM UTC

Thank you very much, I've been trying everything but without luck. I honestly though the # was to not tell the entire answer so I put -- in its place. Great to find other's thoughts on this. Thanks @Luke for the explanation.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.