Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Lab: Blind SQL injection with time delays

PRACTITIONER

This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie.

The results of the SQL query are not returned, and the application does not respond any differently based on whether the query returns any rows or causes an error. However, since the query is executed synchronously, it is possible to trigger conditional time delays to infer information.

To solve the lab, exploit the SQL injection vulnerability to cause a 10 second delay.

Hint

You can find some useful payloads on our SQL injection cheat sheet.

ACCESS THE LAB

Solution

  1. Visit the front page of the shop, and use Burp Suite to intercept and modify the request containing the TrackingId cookie.

  2. Modify the TrackingId cookie, changing it to:

    TrackingId=x'||pg_sleep(10)--
  3. Submit the request and observe that the application takes 10 seconds to respond.

Community solutions

Rana Khalil
Michael Sommer

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here

Try Burp Suite for Free

Find SQL injection vulnerabilities using Burp Suite

Try for free