Burp Suite User Forum

SQLi lab - Blind SQL injection with conditional errors problem

DilemmaRabbit | Last updated: Aug 12, 2022 07:13AM UTC

Hello, I am trying to solve this lab. I notice that the solution uses this pattern to check vulnerability:

TrackingId=xyz'||(SELECT '' FROM dual)||'

I am confused by the concatenation symbol "||". Why do I need to use the concatenation symbol in my SQLi? And why can't I use a space or another logical symbol (like AND or OR) to create a new SQL query?

Michelle, PortSwigger Agent | Last updated: Aug 12, 2022 10:18AM UTC

You might find the SQL injection cheat sheet useful, as it takes you through a few of the options for concatenating strings.

https://portswigger.net/web-security/sql-injection/cheat-sheet

Hope this helps!
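An added example, not part of the original thread and not the lab's own code: it shows how the value quoted in the question parses when a cookie is pasted into a single-quoted SQL string literal, next to the parameterized form where it stays plain data. The query shape, the table and function names, and the use of SQLite with an emulated `dual` table in place of Oracle are assumptions.

```python
import sqlite3

# Value quoted in the question above, and a constructed variant with spaces instead of ||.
VALUE_FROM_POST = "xyz'||(SELECT '' FROM dual)||'"
SPACE_VARIANT = "xyz' (SELECT '' FROM dual) '"


def make_db():
    # Constructed in-memory data; SQLite stands in for the Oracle backend (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracking (id TEXT)")
    db.execute("INSERT INTO tracking VALUES ('xyz')")
    # Oracle provides a one-row table named dual; emulate it so the value parses here.
    db.execute("CREATE TABLE dual (dummy TEXT)")
    db.execute("INSERT INTO dual VALUES ('X')")
    return db


def build_sql(cookie_value):
    # Vulnerable pattern: the cookie lands inside a quoted string literal.
    return "SELECT id FROM tracking WHERE id = '" + cookie_value + "'"


def lookup_concatenated(db, cookie_value):
    try:
        return db.execute(build_sql(cookie_value)).fetchall()
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def lookup_parameterized(db, cookie_value):
    # Hardened pattern: the cookie is bound as a value and never parsed as SQL.
    sql = "SELECT id FROM tracking WHERE id = ?"
    return db.execute(sql, (cookie_value,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # 'xyz'||(subquery)||'' is still one string expression, so the statement parses.
    print(build_sql(VALUE_FROM_POST))
    print(lookup_concatenated(db, VALUE_FROM_POST))
    # Two string literals separated by a space are not a valid expression.
    print(lookup_concatenated(db, SPACE_VARIANT))
    # Bound as a parameter, the whole value is compared literally and matches nothing.
    print(lookup_parameterized(db, VALUE_FROM_POST))
```

The injection point here sits in the middle of a string literal, so whatever is inserted has to leave a single valid string expression behind; parameter binding removes that parsing step entirely.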
