bWAPP SQL Injection: Fixing White Screen

TL;DR

If bWAPP’s SQL injection demo displays a white screen after exploitation, it’s usually due to PHP error reporting being disabled or the output being too large for the default display buffer. This guide shows how to fix this by enabling error reporting and increasing the output buffer size.

Fixing the White Screen

  1. Check PHP Error Reporting: The most common cause is that errors aren’t being displayed. PHP might be silently failing.
    • Edit your php.ini file. This location varies depending on your setup (e.g., /etc/php/[version]/apache2/php.ini or within your XAMPP/WAMP installation).
    • Find the line containing display_errors = Off and change it to display_errors = On.
    • Also, check for error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED and ensure it’s set to a level that shows errors (e.g., error_reporting = E_ALL).
    • Restart your web server (Apache, Nginx, etc.) for the changes to take effect. For Apache:
      sudo systemctl restart apache2
  2. Increase Output Buffer Size: Large SQL injection payloads can exceed PHP’s default output buffer.
    • In your php.ini file, find the line containing output_buffering = Off and change it to output_buffering = On.
    • Also, look for output_buffer_size = [size] (e.g., output_buffer_size = 4096) and increase the size significantly. Try 8192 or even 16384.
      output_buffer_size = 16384
    • Restart your web server again after making these changes.
  3. Check bWAPP Configuration: Sometimes, the issue is within bWAPP itself.
    • Log into bWAPP as an administrator.
    • Navigate to ‘Configuration’ (usually found in the settings).
    • Look for any options related to error display or output buffering and ensure they are enabled/set appropriately. The specific options will depend on your bWAPP version.
  4. Review Your Payload: Extremely long payloads can still cause issues even with increased buffer sizes.
    • Try breaking down your payload into smaller, more manageable chunks.
    • Ensure your SQL is valid and doesn’t contain syntax errors that could lead to unexpected results.
  5. Web Server Logs: If the white screen persists, check your web server’s error logs (e.g., Apache’s error.log) for more detailed information about what’s going wrong.
    • The location of these logs varies depending on your setup. Common locations include /var/log/apache2/error.log or within the XAMPP/WAMP installation directory.
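
One way to confirm that the php.ini edits from steps 1 and 2 are the ones PHP will actually read, before restarting the web server. This is an added example, not part of the original guide; the function names and the sample file contents are made up for illustration.

```sh
# Added example, not from the original guide: report the effective value of
# the php.ini directives edited above. A line starting with ';' is a comment,
# and when a directive appears more than once the last occurrence wins.

# ini_value FILE DIRECTIVE: print the last uncommented value (empty if unset)
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                 # whole-line comment
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)     # trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_lab_ini FILE: one line per directive; returns 1 if any still needs editing
check_lab_ini() {
    rc=0
    de=$(ini_value "$1" display_errors | tr 'A-Z' 'a-z')
    er=$(ini_value "$1" error_reporting)
    ob=$(ini_value "$1" output_buffering | tr 'A-Z' 'a-z')
    case "$de" in
        on|1|true|yes) echo "ok   display_errors = $de" ;;
        *) echo "FIX  display_errors = ${de:-unset}"; rc=1 ;;
    esac
    case "$er" in
        E_ALL) echo "ok   error_reporting = $er" ;;   # the guide's example value
        *) echo "FIX  error_reporting = ${er:-unset}"; rc=1 ;;
    esac
    case "$ob" in
        ""|off|0|false|no) echo "FIX  output_buffering = ${ob:-unset}"; rc=1 ;;
        *) echo "ok   output_buffering = $ob" ;;
    esac
    return $rc
}

# Constructed sample: display_errors appears in a comment and is still Off below
sample=$(mktemp)
printf '%s\n' '[PHP]' '; display_errors = On' 'display_errors = Off' \
    'error_reporting = E_ALL & ~E_NOTICE' 'output_buffering = 4096' > "$sample"
check_lab_ini "$sample" || echo "php.ini still needs edits"
rm -f "$sample"
```

Point it at the php.ini your web server loads (for example the apache2 one mentioned in step 1), which is not necessarily the file the command-line php binary reads.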