[WHERE clause allowing retrieval of hidden data] – [SQL injection vulnerability ]
Target: Lab URL: https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

Tools Used: Browser

Vulnerability Summary:
- Type: SQL Injection
- Description: SQL injection vulnerability in the WHERE clause allowing retrieval of hidden data

Steps to Exploit:
1. Observed the URL and found the `filter?category` parameter being sent as part of a SELECT statement to the database, so tried modifying the WHERE clause.
2. Guessed that the command submitted to the database is: `SELECT * FROM products WHERE category = 'Gifts' AND released = 1`
3. Created the payload `?category=Gifts'+OR+1=1+--` to try to make it display all categories.

Impact: An easy attack can cause the application to display all the products in any category, including products that it doesn't want you to know about.

Remediation:
- Use parameterized queries / prepared statements
- Use server-side input validation
- Escape and sanitize user input

Lessons Learned:
- `'` can terminate a string in SQL
- As 1=1 is always true, the query returns all items
- + represents a
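To make the mechanism and the fix concrete, here is an added example (not code from the lab or the write-up) that builds a constructed in-memory SQLite catalogue with one unreleased product, runs the guessed query both ways, and feeds it the write-up's payload. The table, product names and function names are assumptions for illustration only.

```python
import sqlite3
from urllib.parse import unquote_plus

# Constructed sample catalogue: two released products and one unreleased
# product (released = 0) that the application intends to keep hidden.
SAMPLE_PRODUCTS = [
    ("Gifts", "Mug", 1),
    ("Pets", "Leash", 1),
    ("Gifts", "Unreleased gadget", 0),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (category TEXT, name TEXT, released INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    return conn


def vulnerable_filter(conn, category):
    # Vulnerable: the user-supplied category is spliced into the SQL text,
    # which is the pattern the write-up guesses the lab uses.
    sql = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return [row[0] for row in conn.execute(sql)]


def safe_filter(conn, category):
    # Hardened: a parameterized query. The value travels separately from the
    # SQL text, so a quote in the input can never end the string literal and
    # the trailing "AND released = 1" always applies.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in conn.execute(sql, (category,))]


def demo():
    conn = make_db()
    # The lab payload as it appears in the URL; unquote_plus turns '+' into spaces.
    payload = unquote_plus("Gifts'+OR+1=1+--")
    return {
        "vulnerable": vulnerable_filter(conn, payload),  # leaks every row
        "safe": safe_filter(conn, payload),              # no category matches
        "normal": safe_filter(conn, "Gifts"),            # only released Gifts
    }


if __name__ == "__main__":
    for label, names in demo().items():
        print(f"{label}: {names}")
```

The vulnerable function returns the unreleased product because the injected `--` comments out `AND released = 1`; the parameterized version treats the whole payload as a category name and returns nothing.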
Continue reading on Dev.to Tutorial