Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Web Security Academy
  2. SQL injection
  3. Lab

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

APPRENTICE

This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform a SQL injection attack that causes the application to display one or more unreleased products.

Access the lab

In this topic

SQL injection UNION attacks Examining the database Blind SQL injection SQL injection cheat sheet

All topics

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Server-side template injection Insecure deserialization Directory traversal Access control Authentication OAuth authentication Business logic vulnerabilities Web cache poisoning HTTP Host header attacks WebSockets Information disclosure File upload vulnerabilities JWT attacks Essential skills Prototype pollution
Try Burp Suite for Free

Find SQL injection vulnerabilities using Burp Suite

Try for free

Stories from the Daily Swig about SQL injection

Meet teler-waf

Security-focused HTTP middleware for the Go framework 09 January 2023 Meet teler-waf Security-focused HTTP middleware for the Go framework

Car companies massively exposed to web vulnerabilities

04 January 2023 Car companies massively exposed to web vulnerabilities Grand hack auto

JSON syntax hack allowed SQLi payloads to sneak past WAFs

09 December 2022 JSON syntax hack allowed SQLi payloads to sneak past WAFs Five vendors act to thwart generic hack

Zendesk Explore flaws opened door to account pillage

15 November 2022 Zendesk Explore flaws opened door to account pillage Patched SQLi and logical access vulnerabilities posed serious risk

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here