1. Web Security Academy
  2. SQL injection
  3. Lab

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.

web-security-academy-white

Want to track your progress and have a more personalized learning experience? (It's free!)

Sign up Login
back-to-top