Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

retrieval of hidden data

RK | Last updated: Jan 17, 2021 05:23PM UTC

I'm trying to practice sql injection lab. I don't know why this url mentioned in the lab "https://insecure-website.com/products?category=Gifts" is not opening. It is throwing this error "The requested URL was not found on this server". I was able to access the url before practicing the lab. I don't know all of a sudden the url stopped working for me? Any help?

Ben, PortSwigger Agent | Last updated: Jan 18, 2021 09:52AM UTC

Hi, Can you confirm the name of the lab that you are attempting to solve?

RK | Last updated: Jan 18, 2021 04:17PM UTC

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Ben, PortSwigger Agent | Last updated: Jan 19, 2021 08:09AM UTC

Hi, The "https://insecure-website.com/products?category=Gifts" URL, mentioned in the learning materials for this topic, is just an example site intended to illustrate how hidden data might be retrieved. The actual lab exercise has a different, unique URL which is generated when you launch the lab itself. You need to navigate to the https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data page and then click on the 'Access the lab' button in order to launch the lab.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.