SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
Last updated
https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
Last updated
Let's filter by Accessories
.
The resultant SQL query is:
Since we are proxying the traffic through Burp Suite, we can access this request in the Proxy> HTTP History
tab.
Let's forward this request to the Repeater
for further modification.
Once in the Repeater
, we can set the categories
filter to the following:
The resultant SQL query will be:
Since 1 is always equal to 1, the server will output all the categories. And since, we are commenting out the AND released = 1
part, even the unreleased products will be output.
We have solved the lab.