SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Lab 1 regarding the SQL Injection vulnerability from PortSwigger.

In the laboratory description, it is proposed that there is a SQL Injection vulnerability in the category filtering field.

The query performed on the database is exactly as follows:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

Given that there is no validation on the "category" parameter, we can effectively subvert the logic of the query to retrieve all product categories.

By using a payload like gifts' OR 1=1--, the query would look like this:

SELECT * FROM products WHERE category = 'gifts'+OR+1=1--' AND released = 1

Thus, the query will check if there is a category called "gifts" or if 1=1, which is always true. As a result, the application returns all categories, and the lab is successfully solved!

PreviousSQL Injection Authentication Bypass NextBlind SQL injection with conditional errors

Last updated 2 years ago