@@Michael10Sommer There is no request engine under the options panel in intruder. (The place where you change the number of threads). I don't see it either its because I am using burp community edition I believe. can anyone confirm?
yes we dont have it in burp community. but we can still view the response received under the column tab when we do the attack. "Burp Intruder monitors the time taken for the application's response to be received, but by default it does not show this information. To see it, go to the "Columns" menu, and check the box for "Response received"." We still have this, therefore we can see the difference in response time.
In this case, he starts with ' to close the sql cookie value. Then he uses %3B (which is ; encoded) to end the SQL statement and be able to start another.
postgres sql what does ; does between 2 queries? In PostgreSQL, the semicolon (;) is used to separate multiple SQL statements in a single string or within a script. When a semicolon is encountered, it indicates the end of one SQL statement and the beginning of the next. This allows you to execute multiple queries in a single command or script. For example, the following script includes two SQL statements: Copy code CREATETABLEorders (order_id SERIAL PRIMARYKEY, order_date TIMESTAMP); INSERTINTOorders (order_date) VALUES(NOW()); The first statement creates a table named "orders" with a serial primary key and a timestamp column, and the second statement inserts a new row into the table with the current date and time as the order date. When you execute this script, both SQL statements will be executed sequentially, first creating the table, and then inserting a row into the table. It's worth to mention that in some client the semicolon is optional, but it's a good practice to use it to separate multiple statements and make the code more readable, especially in scripts or files with multiple queries.