Blind SQL injection with conditional responses
https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses
Level: Practitioner
This is other type of SQL injection.
This time the server will not response with any SQL error, and we need to use other ways to see if its vulnerable.
The challenge is saying that the SQLi is in a cookie called TrackingId.
We need to be aware of the Welcome Back!.
First, I start with a simple injection that will be True.
So that's why we see the Welcome Back! because it does not interfere with nothing in the query.
Now be aware of the Welcome Back! on the response.
This time we put that 2=1 so because it will be False, it will not response with the Welcome Back!
We can filter by the content length too if you want to.
So, let's start injecting in this phase our query to retrieve the administrator password from the tables and columns that the challenge gives us at the start.
Let's use some logic to retrieve the password.
Here we're seeing that if in the column password the first character is an "a", it will response back with the Welcome Back! This time the first character is not an "a".
This time the first character in the password column is a 6.
Use this script to retrieve the information from the password column:
Last updated