INFO LAB : →

This lab contains a SQL injection vulnerability in its stock check feature. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables.

The database contains a users table, which contains the usernames and passwords of registered users.

GOAL : →

To solve the lab, perform a SQL injection attack to retrieve the admin user's credentials, then log in to their account.

I will show you what’s the idea of this lab 💡

First we will click on the stock check and send the request to repeater
after that the injectable point for us is stored id

<storedId>1</stordeId>

if we do any thing in this tag and send to server to show if we can inject here

<storedId>1+1</stordeId>

it’s retrieve the stored Id → 2

what’s happen in SQL Query

SELECT * FROM stock WHERE store_id = 2;

ok Let’s Try to inject that

<storedId>1 UNION SELECT NULL</stordeId>

I will show you what’s the idea of this lab 💡

🚧 WAF Detection and Bypass Strategy

⚠️ Problem: