SQL Injection - Stored (User-Agent) - Low Security Level
Solution:
*Note: I am using Burp Suite's preconfigured browser. If you are not using it, configure your browser to use the Burp proxy first and then follow the steps below.
Step 1. Choose the lesson bug (as shown in the video) and click the Hack button.
Step 2. Go to Burp Suite, where you will see the intercepted request POST /bWAPP/sqli_17.php HTTP/1.1
Check the User-Agent: header.
Click Forward.
Step 3. You will be taken to GET /bWAPP/sqli_17.php HTTP/1.1
Find the User-Agent: header and remove its existing value (all the text that follows User-Agent:).
Add the payload in its place as the new User-Agent: value:
PseudoTime',(select concat(id,login,password) from users limit 0,1)) #
Step 4. Turn intercept off, go to the lesson page and check the results.
PseudoTime
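
Why the payload in Step 3 works, and what stops it, shown as an added example that is not bWAPP's code or the author's: a visitor-logging INSERT built by string concatenation next to the same INSERT with bound parameters. Assumptions: the table layout and function names are hypothetical, SQLite stands in for MySQL, and the payload is the one above changed only where the dialects differ (|| for concat(), -- for the # comment).

```python
import sqlite3

# The page's payload, adapted to SQLite only where the dialect differs.
PAYLOAD = "PseudoTime',(select id||login||password from users limit 0,1)) --"


def make_db():
    """In-memory stand-in for the lab database (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER, login TEXT, password TEXT);
        CREATE TABLE visitors (user_agent TEXT, ip_address TEXT);
        INSERT INTO users VALUES (1, 'alice', 'constructed-hash');
    """)
    return db


def log_visit_vulnerable(db, user_agent, ip):
    # The header value is pasted into the statement text: a quote inside it
    # ends the string literal and everything after it is parsed as SQL.
    sql = ("INSERT INTO visitors (user_agent, ip_address) "
           "VALUES ('" + user_agent + "', '" + ip + "')")
    db.execute(sql)


def log_visit_safe(db, user_agent, ip):
    # Bound parameters travel separately from the statement text, so the
    # header can only ever be a value for the user_agent column.
    db.execute("INSERT INTO visitors (user_agent, ip_address) VALUES (?, ?)",
               (user_agent, ip))


def stored_rows(log_fn):
    """Log one visit carrying PAYLOAD and return what ended up in the table."""
    db = make_db()
    log_fn(db, PAYLOAD, "203.0.113.7")  # constructed documentation address
    return db.execute("SELECT user_agent, ip_address FROM visitors").fetchall()


if __name__ == "__main__":
    print("vulnerable:", stored_rows(log_visit_vulnerable))
    print("safe:      ", stored_rows(log_visit_safe))
```

In the concatenated version the second column receives the subquery result instead of the client address, which is what the lesson page then displays; with binding the whole header is stored as inert text and the address column is untouched.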