1.12 Lab: Blind SQL injection with out-of-band interaction | 2023

4 months ago 119


Karthikeyan Nagaraj

This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie.

The SQL query is executed asynchronously and has no effect on the application’s response. However, you can trigger out-of-band interactions with an external domain.

To solve the lab, exploit the SQL injection vulnerability to cause a DNS lookup to Burp Collaborator.

Pre-Requisite

Find the type of database using the SQL injection cheat sheet below.

Solution

1. Capture the request for the home page and send it to Repeater. We know that the vulnerability lies in the tracking cookie.

2. Add the below query at the end of the TrackingId value in URL-encoded format. Unfortunately, I’m unable to paste the payload here because of some restriction.

3. Now click the Burp menu and click Burp Collaborator client → click Copy to clipboard → change the poll value to 1 second and click Poll now.

4. Paste the Collaborator link in the payload and URL-encode it by pressing Ctrl+U. The final encoded value is like below

5. Send the request and notice that you’ll receive some response in Burp Collaborator. Then the lab will be solved.
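The root cause behind this lab, shown as an added example that is not part of the original write-up or the lab's code: a tracking-cookie value concatenated into an analytics query, next to a hardened version that validates and binds it. The table, the cookie format, the function names and the SQLite backend are assumptions made for illustration, and the fire-and-forget handler stands in for the lab's asynchronous query.

```python
import re
import sqlite3

# Constructed sample input: a cookie value carrying a quote and extra SQL.
TAMPERED = "abc123' OR '1'='1"

def make_db():
    # Constructed schema and rows; the lab's real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracking (id TEXT PRIMARY KEY, hits INTEGER)")
    db.executemany("INSERT INTO tracking VALUES (?, 0)",
                   [("abc123",), ("def456",)])
    return db

def record_hit_vulnerable(db, tracking_id):
    # The cookie is pasted into the statement text, so a quote inside it
    # changes the structure of the SQL rather than just the value compared.
    sql = ("UPDATE tracking SET hits = hits + 1 WHERE id = '"
           + tracking_id + "'")
    return db.execute(sql).rowcount

# Assumed cookie format: short alphanumeric token.
TRACKING_ID_RE = re.compile(r"[A-Za-z0-9]{1,32}")

def record_hit_hardened(db, tracking_id):
    # 1) Reject values that are not well-formed tracking IDs.
    if not TRACKING_ID_RE.fullmatch(tracking_id):
        return 0
    # 2) Bind the value as a parameter so it is always treated as data.
    sql = "UPDATE tracking SET hits = hits + 1 WHERE id = ?"
    return db.execute(sql, (tracking_id,)).rowcount

def handle_request(db, cookie, record_hit):
    # Analytics is fire-and-forget: database errors are swallowed and the
    # response is identical either way, which is what makes the flaw blind.
    try:
        record_hit(db, cookie)
    except sqlite3.Error:
        pass
    return "200 OK"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, rows touched:", record_hit_vulnerable(db, TAMPERED))
    print("hardened, rows touched:  ", record_hit_hardened(db, TAMPERED))
    print("response:", handle_request(db, TAMPERED, record_hit_vulnerable))
```

Parameter binding removes the injection itself; restricting outbound DNS and HTTP from the database host limits the out-of-band channel the lab relies on.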
