Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez


Exploiting a Blind SQLi

In Chapter 6, Exploitation – Low Hanging Fruits, we exploited an error-based SQL Injection. In this recipe we will identify and exploit a Blind SQL Injection, using Burp Suite's Intruder as our main tool.

Getting ready

We will need our browser to use Burp Suite as a proxy for this recipe.

How to do it...

  1. Browse to http://192.168.56.102/WebGoat and log in with webgoat as both the username and password.
  2. Click on Start WebGoat to go to WebGoat's main page.
  3. Go to Injection Flaws | Blind Numeric SQL Injection.
  4. The page says that the goal of the exercise is to find the value of a given field in a given row. We will do things a little differently, but let's first see how the form behaves: leave 101 as the account number and click Go!.
  5. Now try with 1011 ...
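The exercise above works because the application answers only "account valid" or "account invalid", and that single bit is enough for an attacker to ask yes/no questions of the database. The following added example (not code from the book or from WebGoat) models the pattern with sqlite3: a lookup that splices the account number into the SQL text next to a parameterized version that binds it as data. The table name, columns and rows are constructed stand-ins for WebGoat's data and are assumptions, not its real schema.

```python
import sqlite3

# Constructed sample rows standing in for the exercise's account table.
# The schema is an assumption made for this example only.
ACCOUNTS = [(101, "Joe Snow", "987654321"), (102, "John Smith", "123456789")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_data (userid INTEGER, first_name TEXT, cc_number TEXT)"
    )
    conn.executemany("INSERT INTO user_data VALUES (?, ?, ?)", ACCOUNTS)
    return conn


def account_exists_vulnerable(conn: sqlite3.Connection, account_number: str) -> bool:
    """Blind-SQLi-prone lookup: the input becomes part of the WHERE clause.

    The caller only ever sees True or False, which is the boolean oracle the
    recipe above probes with different account numbers.
    """
    sql = f"SELECT COUNT(*) FROM user_data WHERE userid = {account_number}"
    return conn.execute(sql).fetchone()[0] > 0


def account_exists_safe(conn: sqlite3.Connection, account_number: str) -> bool:
    """Hardened lookup: validate the type, then bind the value as a parameter.

    Anything that is not a plain integer is rejected before it reaches the
    database, and the bound value can never be parsed as SQL syntax.
    """
    if not account_number.isdigit():
        return False
    sql = "SELECT COUNT(*) FROM user_data WHERE userid = ?"
    return conn.execute(sql, (int(account_number),)).fetchone()[0] > 0


def compare(account_number: str) -> dict:
    """Return both implementations' answers for one input, for side-by-side review."""
    conn = make_db()
    return {
        "vulnerable": account_exists_vulnerable(conn, account_number),
        "safe": account_exists_safe(conn, account_number),
    }


if __name__ == "__main__":
    # 101 and 1011 are the inputs used in the recipe; the third input appends a
    # condition that is always false, showing that the vulnerable lookup lets
    # client input change the query's logic while the safe one simply rejects it.
    for candidate in ("101", "1011", "101 AND 1=2"):
        print(f"{candidate!r:>16}: {compare(candidate)}")
```

The hardened function is what a code reviewer should look for in the real application: a type check on the account number plus a bound parameter. With that in place the response is still a single bit, but it no longer depends on anything except whether a genuine account number was supplied.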
