SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

Level: Apprentice

  • Basically, in this lab we need to retrieve posts that we are not supposed to see.

  • How can we do that with SQL injection?

  • Suppose the page is running a query like SELECT * FROM products WHERE category = 'Gifts' AND released = 1

  • We can try to inject some SQL so that the query ends up looking like this: SELECT * FROM products WHERE category = 'Gifts' AND released = 1' or 1=1;--

  • Since 1=1 is always true, the database executes our simple payload and the WHERE clause matches every row, including the ones that are not released.

  • In the photo below, we test this by injecting ' or 1=1;-- - to see whether it retrieves the hidden posts along with the ones we can already see.

  • As we can see below, posts that were not shown previously are now visible.
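As an added example (not part of the original write-up, and not the lab's own code), the two ways of building the query side by side: the vulnerable string concatenation the lab simulates, and the parameterized fix that stops the page's payload from changing the WHERE clause. The table, rows and function names are constructed for the demo, using an in-memory SQLite database.

```python
import sqlite3

# Constructed sample data (not the lab's real database): two released
# products and one unreleased product that the shop should never list.
PRODUCTS = [
    ("Gifts", "Mug", 1),
    ("Gifts", "Secret gift", 0),
    ("Pets", "Leash", 1),
]


def make_db():
    """Create an in-memory products table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (category TEXT, name TEXT, released INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def list_products_vulnerable(conn, category):
    """The lab's bug: the category value is pasted straight into the SQL text.

    With category = "' or 1=1;--" the query becomes
        SELECT name FROM products WHERE category = '' or 1=1;--' AND released = 1
    The 'released = 1' filter is commented out, so unreleased rows leak.
    """
    sql = (
        "SELECT name FROM products "
        f"WHERE category = '{category}' AND released = 1"
    )
    return [row[0] for row in conn.execute(sql)]


def list_products_safe(conn, category):
    """The fix: bind the value as a parameter, so it is only ever data.

    The same payload is compared literally against the category column,
    matches nothing, and 'released = 1' stays in force.
    """
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in conn.execute(sql, (category,))]


if __name__ == "__main__":
    conn = make_db()
    payload = "' or 1=1;--"
    print(list_products_vulnerable(conn, "Gifts"))   # ['Mug']
    print(list_products_vulnerable(conn, payload))   # all three rows leak
    print(list_products_safe(conn, payload))         # []
```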
