SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform a SQL injection attack that causes the application to display one or more unreleased products.

I wanted to test Burp Suite and a wordlist for this lab.

In Burp Suite Intruder, set the payload marker, then copy and paste payloads from GitHub.

The absence of errors for the payloads highlighted in the screenshot suggests that the server processed these SQL injection payloads without returning the exceptions or errors that typically indicate a malformed SQL query. This could mean that the server's input validation is not strict enough to catch these attempts, and that the payloads are successfully altering the SQL queries run by the application.

The requests with the payloads ' OR '1'='1, ' OR ''=', and ' OR 'x'='x are classic SQL injection techniques that aim to manipulate a query so that its condition is true for every row in the database.
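
The lab query built two ways against a constructed in-memory SQLite table, as an added example that is not part of the original write-up: by string concatenation, where the payloads above change the WHERE logic without raising an error, and with a bound parameter, where they are treated as a literal category name. The table contents and the function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows: (name, category, released)
ROWS = [
    ("Gift card", "Gifts", 1),
    ("Mystery box", "Gifts", 0),        # unreleased
    ("Desk lamp", "Lifestyle", 1),
    ("Prototype mug", "Lifestyle", 0),  # unreleased
]

# Payloads quoted in the write-up, plus the first one appended to the
# category value from the lab query.
PAYLOADS = ["' OR '1'='1", "' OR ''='", "' OR 'x'='x", "Gifts' OR '1'='1"]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", ROWS)
    return db


def vulnerable(db, category):
    # The input is concatenated into the SQL text, so its quotes become syntax.
    sql = ("SELECT name FROM products WHERE category = '" + category
           + "' AND released = 1")
    return sorted(row[0] for row in db.execute(sql))


def parameterized(db, category):
    # The input is bound as a value; the SQL text never changes.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in db.execute(sql, (category,)))


if __name__ == "__main__":
    db = make_db()
    for value in ["Gifts"] + PAYLOADS:
        print(repr(value))
        print("  concatenated :", vulnerable(db, value))
        print("  parameterized:", parameterized(db, value))
```

Because AND binds tighter than OR, the bare payloads return released products from every category, while the form appended to Gifts also returns the unreleased Gifts row. The parameterized query returns nothing for any of them, since no category has that literal name.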
