1.12 Lab: Blind SQL injection with out-of-band interaction | 2023
Karthikeyan Nagaraj

Description
This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie.
The SQL query is executed asynchronously and has no effect on the application’s response. However, you can trigger out-of-band interactions with an external domain.
To solve the lab, exploit the SQL injection vulnerability to cause a DNS lookup to Burp Collaborator.
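The root cause described above, shown from the defender's side, is an added example and not code from the lab or from the original post. It contrasts a query built by concatenating the cookie value with one that validates and binds it. The table name, the column names, the 16-character cookie format and the use of sqlite3 as a stand-in for the lab's database are all assumptions, and the sample values are constructed.

```python
import re
import sqlite3

# Assumed cookie format (not stated on the page): exactly 16 alphanumerics.
TRACKING_ID_RE = re.compile(r"[A-Za-z0-9]{16}")

# Constructed cookie value containing a quote, as a tampered request might.
TAMPERED = "x' OR '1'='1"


def make_db():
    """Build an in-memory analytics table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracking (id TEXT PRIMARY KEY, visits INTEGER)")
    db.executemany(
        "INSERT INTO tracking VALUES (?, ?)",
        [("aB3dE5fG7hJ9kL1m", 4), ("Zx8cV6bN4mQ2wE0r", 1)],
    )
    return db


def is_valid_tracking_id(value):
    """Allowlist check: anything outside the expected format is rejected."""
    return TRACKING_ID_RE.fullmatch(value) is not None


def lookup_concat(db, tracking_id):
    """Vulnerable pattern: the cookie text becomes part of the SQL statement."""
    sql = "SELECT id FROM tracking WHERE id = '" + tracking_id + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, tracking_id, validate=True):
    """Hardened pattern: optional allowlist check, then a bound parameter."""
    if validate and not is_valid_tracking_id(tracking_id):
        return []
    sql = "SELECT id FROM tracking WHERE id = ?"
    return [row[0] for row in db.execute(sql, (tracking_id,))]


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concat(db, TAMPERED))   # quote alters the query
    print("bound:       ", lookup_bound(db, TAMPERED))    # treated as data only
```

Binding removes the injection itself; restricting outbound DNS and network access from the database host additionally limits the out-of-band channel this lab relies on.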
Pre-Requisite
Find the type of database using the below SQL Injection cheat sheet
Solution
1. Capture the request for the homepage and send it to Repeater. We know that the vulnerability lies in the tracking cookie.
2. Add the below query at the end of the TrackingId value in URL-encoded format. Unfortunately, I’m unable to paste the payload here because of some restriction.
3. Click the Burp menu and click Burp Collaborator Client → click Copy to Clipboard → change the value of the poll to 1 second and click Poll Now.
4. Paste the Collaborator link into the payload and URL-encode it by pressing Ctrl+U.
The final encoded value is like below
5. Send the request and notice that you’ll receive some response on Burp Collaborator. Then the lab will be solved.
Thank you for Reading!
Happy Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng