SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Write-up of PortSwigger's first SQL injection lab.

Lab

The lab description states that there is a SQL injection vulnerability in the product category filter.

The query performed on the database is exactly as follows:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

Because the "category" parameter is concatenated into the query without any validation, we can subvert the logic of the WHERE clause and retrieve products that should stay hidden.

By using a payload like gifts' OR 1=1-- (sent URL-encoded as gifts'+OR+1=1--, where the + characters are spaces), the query becomes:

SELECT * FROM products WHERE category = 'gifts' OR 1=1--' AND released = 1

Thus, the query matches rows whose category is "gifts" or where 1=1, which is always true, and the -- comments out the trailing AND released = 1 condition. As a result, the application returns every row in the products table, including unreleased ones, and the lab is solved.
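To show why the payload works and what the fix looks like, here is an added example (not code from PortSwigger or the lab): a vulnerable filter that concatenates the category into the SQL string, beside a parameterised version. The in-memory SQLite database, its products table and its rows are constructed for this example; the lab's real schema is not known beyond the query shown above.

```python
import sqlite3

# Constructed sample rows (category, name, released); not the lab's real data.
PRODUCTS = [
    ("Gifts", "Mug", 1),
    ("Gifts", "Unreleased mug", 0),
    ("Pets", "Leash", 1),
    ("Pets", "Unreleased leash", 0),
]


def make_db():
    """Build an in-memory SQLite database with an assumed products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (category TEXT, name TEXT, released INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    conn.commit()
    return conn


def vulnerable_filter(conn, category):
    """Vulnerable: the user-supplied category becomes part of the SQL grammar."""
    sql = (
        "SELECT name FROM products WHERE category = '"
        + category
        + "' AND released = 1"
    )
    return sorted(row[0] for row in conn.execute(sql))


def safe_filter(conn, category):
    """Hardened: the category is bound as a literal value and never parsed as SQL."""
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in conn.execute(sql, (category,)))


def demo():
    """Run both filters with a normal value and with the lab's payload."""
    conn = make_db()
    payload = "Gifts' OR 1=1--"
    return {
        "vulnerable_normal": vulnerable_filter(conn, "Gifts"),
        "vulnerable_payload": vulnerable_filter(conn, payload),
        "safe_normal": safe_filter(conn, "Gifts"),
        "safe_payload": safe_filter(conn, payload),
    }


if __name__ == "__main__":
    for label, names in demo().items():
        print(f"{label}: {names}")
```

With the parameterised query the same payload is compared literally against the category column, so it matches nothing, while the concatenated version returns all four rows including the two unreleased products. The fix is the same for any database driver: pass user input as a bound parameter, never as part of the query text.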
