Burp Suite User Forum


SQLi lab - Blind SQL injection with conditional errors problem

DilemmaRabbit | Last updated: Aug 12, 2022 07:13AM UTC

Hello, I am trying to solve this lab. I notice that the solution uses this pattern to check for the vulnerability: TrackingId=xyz'||(SELECT '' FROM dual)||' I am confused by the concatenation symbol "||". Why do I need to use the concatenation symbol in my SQLi? And why can't I use a space or another logical symbol (like AND or OR) to create a new SQL query?

Michelle, PortSwigger Agent | Last updated: Aug 12, 2022 10:18AM UTC

You might find the SQL injection cheat sheet useful as it takes you through a few of the options for concatenating strings. https://portswigger.net/web-security/sql-injection/cheat-sheet Hope this helps!
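Added example, not part of either forum post and not PortSwigger's code: a minimal sketch of how the pattern from the question fits into a query that pastes the cookie value between two quotes, next to the parameterized form that treats it as data. The table name `tracked_users`, the query shape, and the SQLite stand-in for Oracle's DUAL are assumptions; the page does not show the lab's backend.

```python
import sqlite3

# Value from the question; everything else here is constructed for the demo.
PAYLOAD = "xyz'||(SELECT '' FROM dual)||'"

def make_db():
    """In-memory SQLite stand-in for the lab's (unknown) Oracle backend."""
    db = sqlite3.connect(":memory:")
    # Hypothetical table name; the page does not show the real schema.
    db.execute("CREATE TABLE tracked_users (tracking_id TEXT)")
    db.execute("INSERT INTO tracked_users VALUES ('xyz')")
    # Oracle ships a one-row DUAL table; SQLite does not, so create one.
    db.execute("CREATE TABLE dual (dummy TEXT)")
    db.execute("INSERT INTO dual VALUES ('X')")
    return db

def build_concatenated_sql(tracking_id):
    """Vulnerable pattern: the cookie value is pasted between two quotes."""
    return ("SELECT tracking_id FROM tracked_users "
            "WHERE tracking_id = '" + tracking_id + "'")

def lookup_concatenated(db, tracking_id):
    return db.execute(build_concatenated_sql(tracking_id)).fetchall()

def lookup_parameterized(db, tracking_id):
    """Fixed pattern: the value is bound as data and never parsed as SQL."""
    sql = "SELECT tracking_id FROM tracked_users WHERE tracking_id = ?"
    return db.execute(sql, (tracking_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # The leading ' closes the literal, || joins it to the subquery result,
    # and the trailing ||' opens a literal that the application's own
    # closing quote terminates, so the whole statement still parses.
    print(build_concatenated_sql(PAYLOAD))
    print(lookup_concatenated(db, PAYLOAD))   # subquery is evaluated as SQL
    print(lookup_parameterized(db, PAYLOAD))  # payload compared as plain text
```

In the concatenated query the right-hand side of the comparison is still a single string expression, which is why the statement stays valid; with a bound parameter the same input never reaches the SQL parser.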
