Kenny Cipher

SQL Injection – Blind SQL injection with conditional responses | PortSwigger Lab Note #8

Target:

  1. browser

  2. Burp Suite

Vulnerability Summary:

  • Type: SQL Injection

  • Description:

The database contains a different table called users, with columns called username and password. You need to exploit the blind SQL injection vulnerability to find out the password of the administrator user.

Steps to Exploit:

1. Trigger conditional responses and check whether the word “Welcome” appears.

2. Verify that the condition is true, confirming that there is a table called users.

3. Verify that the condition is true, confirming that there is a user called administrator.

4. Determine how many characters are in the password of the administrator user by sending a series of follow-up values to test different password lengths.

5. Determine the password.

Remediation:

  • Use parameterized queries / prepared statements

  • Use server‑side input validation

  • Escape and sanitize user input
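The first two remediation points, as an added example that is not part of the original lab or post: a lookup built by string concatenation next to a validated, parameterized one, plus a regression check that reports whether the “Welcome” response can be steered by a condition in the input. The `sessions` table, `token` column, sample token and function names are assumptions made for illustration.

```python
import re
import sqlite3

SAMPLE_TOKEN = "abc123"  # constructed sample value


def make_db():
    """In-memory database with one known token (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY)")
    db.execute("INSERT INTO sessions VALUES (?)", (SAMPLE_TOKEN,))
    return db


def page_vulnerable(db, token):
    # Input is concatenated into the SQL text, so it can alter the query logic.
    sql = "SELECT token FROM sessions WHERE token = '" + token + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        row = None
    return "Welcome" if row else ""


def page_hardened(db, token):
    # Server-side validation: allowlist the expected token shape.
    if not re.fullmatch(r"[A-Za-z0-9]{1,64}", token):
        return ""
    # Bound parameter: the value is only ever compared as data. Binding alone
    # neutralises the injection; the validation above is defence in depth.
    row = db.execute(
        "SELECT token FROM sessions WHERE token = ?", (token,)
    ).fetchone()
    return "Welcome" if row else ""


def leaks_condition(page_fn):
    """True if a boolean condition in the input changes the response."""
    db = make_db()
    when_true = page_fn(db, SAMPLE_TOKEN + "' AND '1'='1")
    when_false = page_fn(db, SAMPLE_TOKEN + "' AND '1'='2")
    return when_true != when_false


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_condition(page_vulnerable))
    print("hardened leaks:", leaks_condition(page_hardened))
```
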

Lessons Learned:
