INFO LAB : →

This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie.

The SQL query is executed asynchronously and has no effect on the application's response. However, you can trigger out-of-band interactions with an external domain.

GOAL : →

To solve the lab, exploit the SQL injection vulnerability to cause a DNS lookup to Burp Collaborator.
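The root cause named in the lab description is a cookie value placed directly into a SQL query. The sketch below is an added example, not code from the lab or from this write-up; it shows that pattern beside a hardened form. The `tracking` table, its columns, the 16-character ID format and the in-memory SQLite database are all assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption, not the lab's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracking (id TEXT PRIMARY KEY, visits INTEGER)")
    db.executemany("INSERT INTO tracking VALUES (?, ?)",
                   [("aB3dE5fG7hJ9kL1m", 4), ("Zz9Yy8Xx7Ww6Vv5U", 11)])
    return db

def lookup_vulnerable(db, cookie_value):
    # The cookie text is pasted into the SQL string, so a quote character
    # in the cookie ends the literal and the remainder is parsed as SQL.
    sql = "SELECT id FROM tracking WHERE id = '" + cookie_value + "'"
    return sorted(row[0] for row in db.execute(sql))

# Assumed ID format: exactly 16 alphanumeric characters.
TRACKING_ID = re.compile(r"[A-Za-z0-9]{16}")

def lookup_hardened(db, cookie_value):
    # Allow-list the format first, then bind the value as a parameter so
    # the database only ever treats it as data, never as query text.
    if not TRACKING_ID.fullmatch(cookie_value):
        return []
    rows = db.execute("SELECT id FROM tracking WHERE id = ?", (cookie_value,))
    return sorted(row[0] for row in rows)

if __name__ == "__main__":
    db = make_db()
    legit = "aB3dE5fG7hJ9kL1m"
    tampered = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("vulnerable, legit   :", lookup_vulnerable(db, legit))
    print("vulnerable, tampered:", lookup_vulnerable(db, tampered))
    print("hardened,   legit   :", lookup_hardened(db, legit))
    print("hardened,   tampered:", lookup_hardened(db, tampered))
```

Because the lab's query runs asynchronously, the changed result set would never reach the HTTP response; the fix is the same regardless, since parameter binding removes the injection point that any out-of-band channel depends on.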


🌐 Objective: Force a DNS Lookup as Proof of Successful Out-of-Band Exploitation

🧪 Goal: In this lab, we aim to force the server to perform a DNS lookup to a domain we control (Burp Collaborator); the recorded lookup serves as proof of a successful Out-of-Band (OOB) technique.


📘 What is a DNS Lookup?

🧱 DNS stands for Domain Name System — it's like the phonebook of the internet.

It translates domain names into IP addresses that computers can understand.


⬆️ Example:

google.com → 142.250.190.68

So when you type google.com in your browser, a DNS lookup happens behind the scenes to find the actual IP address of Google’s servers.


🗃️ Determine the Database Type

🔍 Goal: Identify the specific database type to use appropriate techniques.