
Lab: Blind SQL injection with out-of-band interaction

This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs an SQL query containing the value of the submitted cookie.

The SQL query is executed asynchronously and has no effect on the application's response. However, you can trigger out-of-band interactions with an external domain.
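The defect the lab describes is the tracking-cookie value being spliced into SQL text. The following is an added illustration (not code from the lab or from PortSwigger) of that pattern next to its parameterized fix, using an in-memory SQLite table with constructed sample rows; the table name, column names and the `cookie_is_well_formed` check are assumptions for the example.

```python
import sqlite3


def make_db():
    # Constructed sample data: a small analytics table keyed by tracking id.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tracking (id TEXT PRIMARY KEY, visits INTEGER NOT NULL DEFAULT 0)"
    )
    conn.executemany(
        "INSERT INTO tracking (id, visits) VALUES (?, ?)",
        [("abc123", 0), ("def456", 4)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, tracking_id):
    # The flawed pattern: the cookie value becomes part of the SQL statement,
    # so any quote or operator inside it is parsed as SQL, not as data.
    sql = "SELECT visits FROM tracking WHERE id = '" + tracking_id + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_safe(conn, tracking_id):
    # The fix: a bound parameter. The driver hands the value to the engine
    # separately from the statement text, so it can never change the query.
    row = conn.execute(
        "SELECT visits FROM tracking WHERE id = ?", (tracking_id,)
    ).fetchone()
    return row[0] if row else None


def cookie_is_well_formed(tracking_id):
    # Defence in depth (assumed policy): the tracking id is an opaque
    # alphanumeric token, so anything else can be rejected before it reaches SQL.
    return 8 <= len(tracking_id) <= 64 and tracking_id.isalnum()


if __name__ == "__main__":
    conn = make_db()
    print(lookup_safe(conn, "def456"))          # 4
    print(lookup_safe(conn, "abc'123"))         # None: treated as a literal id
    print(cookie_is_well_formed("abc'123"))     # False
```

With a cookie value containing a stray single quote, `lookup_vulnerable` produces a malformed statement and the engine raises an error, while `lookup_safe` simply finds no matching row. Because the lab's query runs asynchronously and never affects the response, such an error would be invisible to the user, which is exactly why the bound-parameter form, not output filtering, is the control that matters.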

To solve the lab, exploit the SQL injection vulnerability to cause a DNS lookup to the public Burp Collaborator server (burpcollaborator.net).

Note

The solution described here is sufficient simply to trigger a DNS lookup and so solve the lab. In a real-world situation, you would use Burp Collaborator client to verify that your payload had indeed triggered a DNS lookup. See the lab on blind SQL injection with out-of-band data exfiltration for an example of this.
