LAB 1: SQL Injection Vulnerability in WHERE clause allowing retrieval of hidden data.

Problem Statement :

This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:

SELECT * FROM products WHERE category = ‘Gifts’ AND released = 1

To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.

Access the lab


 In order to solve this problem. First click on Gift’s menu to load all items under gifts.

The URL in address bar will be seen in this way.

Next – The question is to display details of all products in any category, both released and Unreleased.

We modify the URL and enter this at the end of the URL.

‘ OR 1=1–

Explanation –

–> ‘  (This single quote we are ending the URL after gifts (which also means we are ending the query there) )

–> OR (We are adding another condition there to trick the database. We are saying OR

–> 1=1 (Which means 1 = 1  is always true. )

–> — (these 2 dashes are commenting out everything else after this) .’ OR 1=1–

As you can see it says we have solved the lab. Because we are now able to see all the items there from all the category.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s