In Chapter 6, Exploitation – Low Hanging Fruits, we exploited an error-based SQL Injection. Now we will identify and exploit a Blind SQL Injection, using Burp Suite's Intruder as our main tool.
We will need our browser to use Burp Suite as a proxy for this recipe.
http://192.168.56.102/WebGoat and log in with webgoat as both the username and password.
101 as the account number and click Go!.