★★★★ Ephemeral Accountant (SQL-Injection)

Best of luck with your OSCP :) Come back at any time :D

It's just a POC in Juice Shop, but I'm sure you could imagine other scenarios where it might be useful to completely fabricate an entry used in a query without having to create a real entry in a table. Creating a real entry leaves artifacts and might not even be possible if the table is read-only (eg. it contains security descriptors the query verifies but can't alter) or you can't use INSERT in the injection.
You can also construct altered versions of existing entries that you couldn't insert/update without propagating effects to everyone else using the database, like an existing user's id and isAdmin=1, which again doesn't offer any benefit in Juice Shop, but you can surely imagine other scenarios where creating completely arbitrary states could lead to further exploitation somehow. Maybe a null createdAt date would cause a problem in a different app. It's an invalid value to insert in the actual table because it specifies NOT NULL for the field, but you're generating name/value pairs out of thin air here and aren't subject to the same constraints.

No, I have not provided the payload on purpose, so that each watcher really needs to dig into the challenge a little more :) If you really just wanna copy paste it, you would have to type it off the video! I would recommend you to try it out by yourself though!

Could you please comment the minute and second in the mm:ss format where you face your poblem?

Sorry, I don't have the payload at hand anymore. But try build it by yourself. That's the best way to learn.

If you download the latest version of Burp Suite, you don't need the plugin anymore. There is already a beautifier included.
Otherwise go to the extender tab.

@NoYaN NyN.
I am running an older version of burp v2020.4. This version has a "pretty" button on the bottom right of the repeater. Be aware that Hacksplained already has the repeater view in "pretty" mode which is already parsing the json response in the repeater tab. Also be aware the JSON Beautifier only pretty formats JSON. What you see on his JSON Beautifier tab is the table creation sql command for the Users table. The JSON Beautifier does not convert sql table create commands to JSON. I believe he is only using the JSON Beautifier as an open area to spread out the data to be more readable in a JSON format to see its structure. I am sure there are a variety of ways to convert sql CREATE commands to JSON, but the JSON Beautifier extension is not one of them.
If interested in getting the JSON Beautifier for testing, be aware in the version I am running, there is no JSON Beautifier extension in the BApp store. Looks like it was removed. You can however clone the older git repo here (github.com/PortSwigger/json-beautifier). Then apt install gradel, and build the jar file. Then you can import by going to Extender > Extensions, and "Add" your jar file.

Thanks!

You need to try a little harder! Go over the video again and check if you missed something!

I check the code same as you, but it couldn't not work ah.

yep!

De nada!!

In which minute do you have a problem. Please post the mm:ss mark.

@@Hacksplained I typed this: {"email":"'UNION SELECT * FROM (SELECT 1000 as 'id',"as 'username','acc0unt4nt@juice-sh.op'as'email','asdfasdf'as'password','accounting'as'role',"as'deluxeToken','127.0.0.1'as'lastLoginIp','default.svg'as'profileImage',"as'totpSecret',1 as 'isActive','2020-08-30 11:12:13.456 +00:00' as'updatedAt', null as 'deletedAt')--","password":""}
I get an Internal Server Error and the part from UNION to 'id' is in red.

@@ITZDABOSSTV Please post the mm:ss (minutes second) video mark in which you need help.

@@Hacksplained 5:40

@@ITZDABOSSTV Change the 1000 to 20, then can work le

Put down your question in the comments! Then also others apart from me can help you :)