SQL injection vulnerability in WHERE clause allowing retrieval of hidden data


This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

Reproduction and proof of concept

  1. Use Burp Suite to intercept and modify the request that sets the product category filter.

  2. Modify the category parameter, adding a single quote (').

  3. Create the payload, submit the request, and verify that the response now contains additional items:

https://lab-id.web-security-academy.net/filter?category=Pets' OR 1=1 -- 


An attacker needs to perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.