
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Introduction

Hello, everyone. How are you all doing? This is our second article on SQL injection. In the first article, we discussed the theory of SQL injection from basic to advanced levels. Now, we are going to start with practical SQL injection. We will be performing all the practical examples using PortSwigger Web Security Labs.

Lab Description

[Screenshot: lab description - SQL injection vulnerability in WHERE clause allowing retrieval of hidden data]

You can see the screenshot of the lab above, which clearly indicates that the lab is vulnerable to SQL injection. We have a SQL injection vulnerability in the product category. When a user selects a category, the application performs an SQL query, which is as follows:

SELECT * FROM product WHERE category = 'Gift' AND released = 1

To solve this lab, we need to perform an SQL injection to view the products that the administrator hasn’t released yet.

[Screenshot: the lab's shop page with its category menu]

First, let’s access the lab. After accessing the lab, you can see that we have multiple options in the menu, such as clothing, shoes, and gifts, etc.

[Screenshot: the Gifts category showing three products]

I clicked on the “Gifts” section, and it only showed me three products.

Now, I know that this URL is vulnerable to SQL injection.

https://0a7b005203c4772e81d3029f00c8008c.web-security-academy.net/filter?category=Gifts

This is our URL.

Now, at the end of the URL, I'll add '+OR+1=1-- and submit.

  • + : The '+' symbol is the URL-encoded form of a space, so the server receives the payload as ' OR 1=1--.

  • OR : 'OR' is a logical operator in SQL; the combined condition is true when either side of it is true.

  • 1=1 : The comparison 1=1 is always true, so the whole WHERE clause becomes true for every row and the server's category and released restrictions no longer filter anything out.

  • -- : This starts an SQL comment, so the rest of the original query (the AND released = 1 part) is ignored.

You can see that now we have all the unreleased products shown in the lab. We have successfully solved the PortSwigger Web Security Lab – SQL injection vulnerability in the WHERE clause, allowing retrieval of hidden data.

https://0a7b005203c4772e81d3029f00c8008c.web-security-academy.net/filter?category=Gifts%27+OR+1=1--

This is the final result of our modified URL. Here, %27 is the encoded form of (‘).
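To show why the payload above works, and what stops it, here is an added example (not code from the lab or from PortSwigger) that builds a small in-memory product table with sqlite3 and runs the lab's query shape both ways: once with the category spliced into the SQL string, and once as a bound parameter. The table contents and product names are constructed sample data.

```python
import sqlite3

# Constructed sample data (assumption, not the lab's real products).
PRODUCTS = [
    ("Gift A", "Gifts", 1),
    ("Gift B", "Gifts", 1),
    ("Gift C", "Gifts", 1),
    ("Unreleased Gift", "Gifts", 0),  # released = 0: must stay hidden
    ("Boots", "Shoes", 1),
    ("Prototype Shoe", "Shoes", 0),   # released = 0: must stay hidden
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (name TEXT, category TEXT, released INTEGER)")
    conn.executemany("INSERT INTO product VALUES (?, ?, ?)", PRODUCTS)
    return conn


def vulnerable_filter(conn, category):
    # Same shape as the lab's query: the user-controlled value is pasted
    # straight into the SQL text, so quotes and -- are interpreted as SQL.
    sql = f"SELECT name FROM product WHERE category = '{category}' AND released = 1"
    return [row[0] for row in conn.execute(sql)]


def safe_filter(conn, category):
    # Parameterized query: the value is sent separately from the SQL text,
    # so the database treats the whole string as a literal category name.
    sql = "SELECT name FROM product WHERE category = ? AND released = 1"
    return [row[0] for row in conn.execute(sql, (category,))]


# Decoded form of the URL parameter used above ('+' became a space).
PAYLOAD = "Gifts' OR 1=1--"

if __name__ == "__main__":
    conn = make_db()
    print("normal request :", vulnerable_filter(conn, "Gifts"))
    print("injected, vuln :", vulnerable_filter(conn, PAYLOAD))
    print("injected, safe :", safe_filter(conn, PAYLOAD))
```

With the concatenated query the payload turns the WHERE clause into `category = 'Gifts' OR 1=1` and every row, released or not, comes back; the parameterized version simply looks for a category literally named `Gifts' OR 1=1--` and returns nothing.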

You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.

To continue studying, check out the next lab, SQL Injection Vulnerability Allowing Login Bypass. Make sure you have covered the current lab before moving on to it. Good luck!

FAQS

What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a web application from cyberattacks. These attacks exploit vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always a good practice to use an up-to-date browser that receives timely updates. Keep your browser plugins up to date, avoid malicious websites and links, always enable two-factor authentication, and be wary of clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.
