INFO LAB :→

This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie.

The results of the SQL query are not returned, and the application does not respond any differently based on whether the query returns any rows. If the SQL query causes an error, then the application returns a custom error message.

The database contains a different table called users, with columns called username and password. You need to exploit the blind SQL injection vulnerability to find out the password of the administrator user.

GOAL : →

To solve the lab, log in as the administrator user.

Solution :

🗃️ We Need to Know the Database Type

🛠️ I used sqlmap tool to detect the database type

sqlmap -u "lab-URL" --level=5 --risk=3

🧠 Understanding the Database Type

🕵️‍♂️ We used the sqlmap tool to detect the database type.

✅ Now we know that the database type is Oracle Database.

📄 Open the SQL Injection Cheatsheet

🎯 Focus on Oracle-specific payloads.

🧪 Testing the Condition

🧩 We need to add a condition to determine whether it affects the response or not.