This lab contains an SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response so you can use a UNION attack to retrieve data from other tables. To do this, you first need to determine the number of columns that are being returned by the query.
To solve the lab, perform an SQL injection UNION attack that returns an additional row containing null values.
categoryparameter, giving it the value
'+UNION+SELECT+NULL--. Observe that an error occurs.
categoryparameter to add an additional column containing a null value: