SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
Level: Apprentice
In this lab we need to retrieve products that we are not supposed to see.
How can we do that with SQL injection?
Suppose the page runs a query like this:
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
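We can try to inject some SQL into the category value so that the query becomes:
SELECT * FROM products WHERE category = 'Gifts' or 1=1;--' AND released = 1
Because 1=1 is always true, the WHERE condition matches every row, and the -- turns the rest of the line, including AND released = 1, into a comment.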
In the screenshot below, we test this by injecting
' or 1=1;-- -
to see whether the page returns the hidden products along with the visible ones.
As we can see below, the page now shows products that were not listed before.
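
Why the filter falls apart and how to close it, as an added example that is not part of the original write-up or the lab's own code. An in-memory SQLite table stands in for the shop's products table; the function names and sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: (name, category, released)
ROWS = [
    ("Gift card", "Gifts", 1),
    ("Snow globe", "Gifts", 1),
    ("Unreleased hamper", "Gifts", 0),
    ("Dog lead", "Pets", 1),
    ("Unreleased cat toy", "Pets", 0),
]

PAYLOAD = "' or 1=1;-- -"  # the string tested in this write-up


def make_db():
    """Build a throwaway products table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", ROWS)
    return db


def list_products_vulnerable(db, category):
    # Flawed: the value is pasted into the SQL text, so a quote in it
    # closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT name FROM products WHERE category = '" + category +
           "' AND released = 1")
    return [row[0] for row in db.execute(sql)]


def list_products_safe(db, category):
    # Fixed: the value is bound as a parameter, so it is only ever
    # compared as data and the released = 1 filter always applies.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(sql, (category,))]


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("concatenated ", list_products_vulnerable),
                      ("parameterized", list_products_safe)):
        print(label, "category=Gifts  ->", fn(db, "Gifts"))
        print(label, "category=payload ->", fn(db, PAYLOAD))
```

With the concatenated query the payload returns every row, released or not; with the bound parameter it is treated as a category name that matches nothing.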