How to do it...

To set a baseline for this recipe, let's first establish the current number of records in the account table by performing a SQL Injection that displays them:

  1. Navigate to the User Info page: OWASP 2013 | A1 – Injection (SQL) | SQLi – Extract Data | User Info (SQL).
  2. At the username prompt, type in a SQL Injection payload to dump the entire account table contents. The payload is ' or 1=1-- <space> (tick or 1 equals 1 dash dash space). Then press the View Account Details button.
  3. Remember to include the space after the two dashes, since this is a MySQL database; otherwise, the payload will not work:
  4. When performed correctly, a message displays ...
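Why the payload above returns every row, and what the fix looks like, as an added example that is not part of the book or of Mutillidae: a minimal Python/sqlite3 re-creation of a user-info lookup, with the query built by string concatenation beside a parameterized version. The `accounts` table, its rows, and the `lookup_*` function names are constructed for this example. SQLite is used so it runs offline; unlike MySQL it does not require the trailing space after `--`, so that MySQL detail is not exercised here.

```python
import sqlite3

# Constructed sample rows standing in for the Mutillidae accounts table.
SAMPLE_ACCOUNTS = [
    (1, "alice", "pw-alice"),
    (2, "bob", "pw-bob"),
    (3, "carol", "pw-carol"),
]

# The recipe's payload, including the trailing space after the two dashes.
PAYLOAD = "' or 1=1-- "


def make_db():
    """Build an in-memory database with a small accounts table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (cid INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    return conn


def render_vulnerable_sql(username):
    """Show the SQL text the vulnerable lookup actually sends to the database."""
    return ("SELECT cid, username, password FROM accounts WHERE username = '"
            + username + "'")


def lookup_vulnerable(conn, username):
    """Concatenates user input into the SQL text: the defect the recipe exploits.

    With PAYLOAD the WHERE clause becomes  username = '' or 1=1-- '  and the
    comment swallows the closing quote, so every row matches.
    """
    return conn.execute(render_vulnerable_sql(username)).fetchall()


def lookup_parameterized(conn, username):
    """Passes user input as a bound parameter; the input is never parsed as SQL."""
    sql = "SELECT cid, username, password FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Return the row counts each lookup yields for a normal name and for the payload."""
    conn = make_db()
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, "alice")),
        "vulnerable_payload": len(lookup_vulnerable(conn, PAYLOAD)),
        "parameterized_normal": len(lookup_parameterized(conn, "alice")),
        "parameterized_payload": len(lookup_parameterized(conn, PAYLOAD)),
    }


if __name__ == "__main__":
    print(render_vulnerable_sql(PAYLOAD))
    print(demo())
```

The vulnerable lookup returns one row for `alice` and all three rows for the payload; the parameterized lookup returns one row for `alice` and zero rows for the payload, because the payload is compared as a literal username rather than interpreted as SQL.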
