Can someone give me a nudge on Blind SQL Injection module; Assessment Q1. I have tried manual injection and sqlmap on login.php and index.php. Tried injecting user agent, referer and cookie fields but no luck. Also reset target a couple times
Your already on the right track, double check the payload is URL encoded.
Finally solved it. Make sure you try all header fields (e.g cookie) and as mentioned above URL encode your payload. Once you have proved injection is possible, adapt the python script under Time-Based SQLi section to identify database then table then column of required password.
All in all quite an interesting module.
Im having same issue, I try using the time based payload from the cheat sheet, url encode and place in the TrackingId but no delay. What am i missing as it driving me crazy?
DM if you need help =)
how did you get around the poor connectivity for that time based sqli, such a nightmare, i get payload and all, so hard to retrieve the table names
The skill assessment was quite fun, a bit slow at times… but doable. I would recommend everyone to tackle the data exfil with burp’s intruder. For anyone stuck feel free to DM.
PSA: DO NOT USE MULTI-THREADING / MULTI-PROCESSING IN THIS ASSESSMENT!!!
This is extremely important, otherwise it’ll throw off the server response timing, making every query looks like a HIT when it’s not!!!
I spent half a day trouble shooting my script/payload because of this!!!
Guys, can someone help with question 3? I managed to login as admin an i thing that captchaAnswer parameter is the second blind SQLi but can’t exploit it. Just got some PHP errors. Can anyone help with payload?