SQL Injection Blind WS SOAP final
SQL Injection - Blind (WS/SOAP - Simple Object Access Protocol)

Low Security Level Solution:

Step 1. Select a movie, click Go, and check the output. Repeat the step with another movie name. The ticket number changes.

Step 2. Select a movie of your choice again and click Go. In the URL, next to the movie name, add the SQL payload ' or 1=1 (please refer to the video for more details) and check the output.
Note: The ticket number details are missing.

Step 3. Replace the earlier payload with a new SQL payload ' or '1' = '1 (as shown in the video) and check the output.
Note: The ticket numbers are visible once again, but there are more of them than the actual count.

Step 4. Reload the lesson, select a movie name of your choice, and click Go. Give the payload below as input and check the output.
' or length(database())=4 and '1'='1 - Same ticket numbers
Reload the lesson and click Go. Add the payload below as shown in the video.
' or length(database())=5 and '1'='1 - Ticket numbers have changed
From this we can conclude that the length of the database name is 5 characters.

Step 5. We can test the lesson with sqlmap as well. Copy and paste the payload below into Command Prompt.
Note: The results are shown directly to save time. Change the URL IP and PHPSESSID to match your system details.
Payload:
sqlmap -u "http://10.0.2.4/bWAPP/sqli_5.php?title=Man+of+Steel&action=go" --cookie="security_level=0;PHPSESSID=fc6ec097759412111b326b82f14339e3" -p title --threads=5 --level=5 --risk=3 --batch -D bWAPP --tables

* Explore the lesson with other payloads.

PseudoTime
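Why Steps 2 and 3 produce the outputs noted above, and what binding the title as a parameter changes, as an added example that is not part of the original walkthrough and not bWAPP's own code. It uses Python's sqlite3 with a constructed movies table; the table name, column names, rows and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and values are assumptions for illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE movies (title TEXT, tickets_stock INTEGER)")
    db.executemany(
        "INSERT INTO movies VALUES (?, ?)",
        [("Man of Steel", 100), ("Iron Man", 53), ("Terminator Salvation", 100)],
    )
    return db

def lookup_concat(db, title):
    """Vulnerable form: the title is pasted into the SQL text."""
    sql = "SELECT tickets_stock FROM movies WHERE title = '" + title + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error:
        # The statement no longer parses, so no ticket details come back (Step 2).
        return None

def lookup_param(db, title):
    """Hardened form: the title is bound as data and never parsed as SQL."""
    sql = "SELECT tickets_stock FROM movies WHERE title = ?"
    return [row[0] for row in db.execute(sql, (title,))]

if __name__ == "__main__":
    db = make_db()
    inputs = [
        "Man of Steel",               # Step 1: normal lookup
        "Man of Steel' or 1=1",       # Step 2: leaves an unbalanced quote
        "Man of Steel' or '1' = '1",  # Step 3: condition is true for every row
    ]
    for title in inputs:
        print(repr(title))
        print("  concatenated :", lookup_concat(db, title))
        print("  parameterized:", lookup_param(db, title))
```

With the bound parameter, the Step 2 and Step 3 inputs are compared as literal titles and match no row, so the response no longer varies with the injected condition.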