INFO LAB : →

This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie.

The SQL query is executed asynchronously and has no effect on the application's response. However, you can trigger out-of-band interactions with an external domain.

The database contains a different table called users, with columns called username and password. You need to exploit the blind SQL injection vulnerability to find out the password of the administrator user.

GOAL : → To solve the lab, log in as the administrator user.
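As an added illustration (not the lab's own code), here is the mistake the lab describes next to its fix: the tracking cookie spliced into the SQL text versus validated and bound as a parameter. It runs on an in-memory sqlite3 database; the table and column names other than `users`/`username`/`password` are assumptions, and the stored password is a constructed placeholder.

```python
import re
import sqlite3

# Constructed stand-in for the lab's database: an analytics table keyed by the
# tracking cookie plus the separate users table. Names other than
# users/username/password are assumptions, not the lab's real schema.
SCHEMA = """
CREATE TABLE tracking (id TEXT);
CREATE TABLE users (username TEXT, password TEXT);
INSERT INTO tracking VALUES ('abc123');
INSERT INTO users VALUES ('administrator', 'PLACEHOLDER-NOT-THE-LAB-PASSWORD');
"""

# Shape a legitimate tracking id is assumed to have: a short alphanumeric token.
TRACKING_ID_RE = re.compile(r"[A-Za-z0-9]{1,32}")


def _conn():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(cookie):
    """The lab's flaw: the raw cookie value is concatenated into the statement,
    so a quote in the cookie changes the SQL. Because the real query runs
    asynchronously, the user never sees the resulting error or its effect."""
    query = "SELECT id FROM tracking WHERE id = '" + cookie + "'"
    return _conn().execute(query).fetchall()


def lookup_safe(cookie):
    """Hardened form: reject anything that is not a plain tracking id, then bind
    the value as a parameter so the database only ever compares it as data."""
    if not TRACKING_ID_RE.fullmatch(cookie):
        return None
    return _conn().execute("SELECT id FROM tracking WHERE id = ?", (cookie,)).fetchall()


def vulnerable_path_errors(cookie):
    """True when the concatenated query fails to parse, i.e. the cookie text was
    read as SQL rather than as a value. In the lab such failures are silent
    to the client; the database error log is where a defender would see them."""
    try:
        lookup_vulnerable(cookie)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    for c in ("abc123", "abc'123"):  # second value is constructed: one stray quote
        print(repr(c), "breaks vulnerable query:", vulnerable_path_errors(c),
              "| safe lookup:", lookup_safe(c))
```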


🎯 What’s the End Goal?

  1. 🛠 Exploit SQL Injection to extract the password of the administrator user.
  2. 🔐 Login as the administrator using the extracted credentials.

🧭 Step-by-Step Guide

1️⃣ Open Burp Suite and Repeater

2️⃣ Locate the Injectable Point

3️⃣ Setup for Out-of-Band Interaction

4️⃣ Analyze and Build Payload