public
  • Description
    • Whoami
  • 💻Plataform
    • Portswigger Academy
      • SQL Injection
        • SQL Injection Authentication Bypass
        • SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
        • Blind SQL injection with conditional errors
      • SSRF
        • Lab 1: Basic SSRF against the local server
      • XSS ( Cross-Site Scripting )
      • IDOR
      • Insecure Deserialization
      • JWT ( Json Web Token )
      • Access Control Vulnerabilities
      • Directory Traversal
      • OS Command Injection
    • ROP Emporium
      • Ret2Win
      • Split
      • Callme
  • By Topics
    • Cryptography
      • Mini RSA
Powered by GitBook
On this page
  1. Plataform
  2. Portswigger Academy
  3. SQL Injection

SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Lab 1 regarding the SQL Injection vulnerability from PortSwigger.

PreviousSQL Injection Authentication BypassNextBlind SQL injection with conditional errors

Last updated 1 year ago

In the laboratory description, it is proposed that there is a SQL Injection vulnerability in the category filtering field.

The query performed on the database is exactly as follows:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

Given that there is no validation on the "category" parameter, we can effectively subvert the logic of the query to retrieve all product categories.

By using a payload like gifts' OR 1=1--, the query would look like this:

SELECT * FROM products WHERE category = 'gifts'+OR+1=1--' AND released = 1

Thus, the query will check if there is a category called "gifts" or if 1=1, which is always true. As a result, the application returns all categories, and the lab is successfully solved!

💻
LogoLab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data | Web Security AcademyWebSecAcademy
Lab