
Burp Suite Cookbook by Sunny Wear


How to do it...

To level-set this recipe, let's first baseline the current number of records in the account table and then perform SQL injection to see this:

  1. Navigate to the User Info page: OWASP 2013 | A1 – Injection (SQL) | SQLi – Extract Data | User Info (SQL).
  2. At the username prompt, type in a SQL injection payload to dump the entire account table contents. The payload is ' or 1=1-- <space> (tick, or, 1 equals 1, dash, dash, space). Then press the View Account Details button.
  3. Remember to include the space after the two dashes, since this is a MySQL database; otherwise, the payload will not work.
  4. When performed correctly, a message displays ...
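
The following is an added example, not code from the book or from Mutillidae, showing why the payload in step 2 dumps every row and what the application should have done instead. It builds a constructed in-memory SQLite table (the `accounts` schema and its three rows are assumptions, not the real Mutillidae data) and runs the same lookup two ways: once with the user input concatenated into the SQL text, as the vulnerable User Info page does, and once with bound parameters. SQLite is used so it runs offline; like MySQL it treats `--` as a line comment, but it does not enforce the trailing space that step 3 calls out for MySQL, so the payload is kept exactly as the recipe gives it.

```python
import sqlite3

# Constructed sample rows standing in for the Mutillidae account table (assumption).
SAMPLE_ACCOUNTS = [
    ("admin", "adminpass", "Monkey"),
    ("adrian", "somepassword", "Zombie Films Rock!"),
    ("john", "monkey", "I like the smell of confunk"),
]

# The payload from the recipe: tick, "or 1=1", dash dash, trailing space.
PAYLOAD = "' or 1=1-- "


def make_db():
    """Create an in-memory database holding the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (username TEXT, password TEXT, signature TEXT)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    conn.commit()
    return conn


def baseline_count(conn):
    """Step 1 of the recipe: how many records does the table hold right now?"""
    return conn.execute("SELECT COUNT(*) FROM accounts").fetchone()[0]


def render_query(username, password):
    """Build the SQL the way a vulnerable page does: raw string concatenation.

    Everything after the injected '-- ' becomes a comment, so the password
    check (and the closing quote) is silently discarded by the database.
    """
    return (
        "SELECT username, password, signature FROM accounts "
        f"WHERE username='{username}' AND password='{password}'"
    )


def lookup_vulnerable(conn, username, password=""):
    """Execute the concatenated query; user input is interpreted as SQL."""
    return conn.execute(render_query(username, password)).fetchall()


def lookup_parameterized(conn, username, password=""):
    """Hardened form: the driver binds the values, so the payload is just a
    username string that matches nothing."""
    sql = (
        "SELECT username, password, signature FROM accounts "
        "WHERE username=? AND password=?"
    )
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("baseline rows:", baseline_count(db))
    print("rendered query:", render_query(PAYLOAD, ""))
    print("vulnerable lookup returns", len(lookup_vulnerable(db, PAYLOAD)), "rows")
    print("parameterized lookup returns", len(lookup_parameterized(db, PAYLOAD)), "rows")
```

Running the block prints the rendered query so you can see the comment swallowing the `AND password=''` clause; the vulnerable lookup returns every row, matching the baseline count, while the parameterized lookup returns none. Burp Suite does not change which of these the target runs; it only makes the difference observable in the response.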
