https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
SQL Injection Lab: Exploiting the Product Category Filter 🛍️💥
This lab contains a SQL Injection vulnerability in the product category filter of a web application. When a user selects a category, the application runs an SQL query similar to the following:
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
In this case, the category parameter is vulnerable to SQL Injection, and we need to exploit it. Let's walk through how to solve this lab step by step.
Steps to Exploit the Vulnerability 🕵️‍♂️
Step 1: Identify the Injectable Parameter 🔍
- The vulnerable parameter in this case is the category parameter. This is where the SQL Injection vulnerability exists.
- The application takes the category input and builds the SQL query dynamically from it, so manipulating this input changes the query text and can potentially execute arbitrary SQL commands.
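An added example (not part of the original write-up and not the lab's own code) showing why a dynamically built category filter is injectable and how binding the value removes the problem. It assumes Python's sqlite3 with a constructed products table; all function names are hypothetical.

```python
import sqlite3

# Constructed sample data; table and column names follow the query quoted above.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [
            ("Dog bed", "Pets", 1),
            ("Cat tree", "Pets", 1),
            ("Unannounced leash", "Pets", 0),
            ("Gift card", "Gifts", 1),
        ],
    )
    return db

def build_query_concat(category):
    """Vulnerable pattern: the input becomes part of the SQL text."""
    return "SELECT name FROM products WHERE category = '" + category + "' AND released = 1"

def filter_concat(db, category):
    return [row[0] for row in db.execute(build_query_concat(category))]

def filter_param(db, category):
    """Hardened pattern: the SQL text is fixed and the input is bound as a value."""
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(sql, (category,))]

def probe(db, category):
    """Report how each implementation reacts to the same input."""
    try:
        concat = filter_concat(db, category)
    except sqlite3.OperationalError as exc:
        # The quote ended the string literal early, so the parser rejects the query.
        concat = "SQL error: " + str(exc)
    return {"concat": concat, "param": filter_param(db, category)}

if __name__ == "__main__":
    db = make_db()
    for value in ("Pets", "Pets'"):
        print(repr(value), "->", build_query_concat(value))
        print("   ", probe(db, value))
```

A parser error on a lone quote is the signal that input reaches the SQL text; the bound version treats the same input as an ordinary category name that matches nothing.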
Step 2: Set Up Burp Suite 🛠️
- Open Burp Suite and configure it to intercept the traffic between your browser and the target application.
- Enable FoxyProxy on Firefox to redirect your traffic through Burp Suite and intercept the requests.
- Once you have Burp Suite running, enable the Intercept option, so the requests are intercepted.
Step 3: Intercept the Request 🔒
- Now, in the web application, select a category from the filter (for example, "Pets").
- The request to the server might look something like this:
- I go to Burp and try the famous Boolean operation payload.
- First I try the single quote, but it is not valid (Pets'):
<https://0ab500d204cf056780c17bd700a700b4.web-security-academy.net/filter?category=Pets'>