Burp Suite User Forum

Lab: SQL injection UNION attack, retrieving data from other tables

Richard | Last updated: Jan 07, 2021 09:19AM UTC

Hi, I am using the following payload in Burp Suite to get a response containing usernames and passwords:

GET /filter?category=Accessories'+UNION+SELECT+username,+password+FROM+users-- HTTP/1.1

I managed to get the usernames and passwords in the browser, but the LAB didn't change to SOLVED. Is it a bug or wrong code? Thanks/Richard

Ben, PortSwigger Agent | Last updated: Jan 07, 2021 09:54AM UTC

Hi Richard, Have you used the administrator credentials that you have discovered to log in to the site?

Richard | Last updated: Jan 08, 2021 07:27AM UTC

Yes, and it also didn't change to SOLVED.

Ben, PortSwigger Agent | Last updated: Jan 08, 2021 01:38PM UTC

Hi Richard, Entering your payload, retrieving the administrator login credentials and then subsequently logging in as the administrator user solves the lab for me. One of our users, Michael Sommer, has produced some valuable YouTube videos that illustrate how each lab should be solved (in some cases it is easier to follow a video than it is to follow a text solution). Can you confirm that you are following the solution as laid out in the video below?

https://www.youtube.com/watch?v=qWUELXgQtWU

Richard | Last updated: Jan 09, 2021 09:31AM UTC

Hi Ben, It works now. Thank you very much.
