Lab #1 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

In this video, we cover Lab #1 in the SQL injection track of the Web Security Academy. This lab contains an SQL injection vulnerability in the product category filter. To solve the lab, we perform a SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.


▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Python script: https://github.com/rkhal101/Web-Security-Academy/blob/main/sql-injection/lab-01/sqli-lab-01.py

Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/sql-injection/lab-01/notes.txt

Web Security Academy Lab Exercise: https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

Rana's Twitter account: https://twitter.com/rana__khalil