Possible bug in Lab Blind SQL injection with time delays and information retrieval
The injection is on TrackingId cookie, but it only works if you inject in a "/filter?category=" page, not in a "/product?productId=" page.
It drove me crazy for a while :)
Thanks for making us aware of this issue. We’ll change the solution.