Burp Suite Academy – SQL injection vulnerability in WHERE clause allowing retrieval of hidden dataBurp Suite Academy

This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform a SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.



As the vulnerability is in the product category filter, we can try something like:

/filter?category=' or 1=1--


Now we can observe that there are more articles available in the shop.