Burp community forum

Possible bug in Lab Blind SQL injection with time delays and information retrieval

Luca | Last updated: May 30, 2019 10:40AM UTC

The injection is on TrackingId cookie, but it only works if you inject in a "/filter?category=" page, not in a "/product?productId=" page. It drove me crazy for a while :)

Burp User | Last updated: May 30, 2019 10:53AM UTC

(If it's the wrong place to post, please feel free to delete)

Liam, PortSwigger Agent | Last updated: May 30, 2019 03:35PM UTC

Thanks for making us aware of this issue. We'll change the solution.

You need to Log in to post a reply. Or register here, for free.