SQL Injection - Labs

Lab 1 - SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

We need to retrieve hidden data, so we look for queries in the web application where we can inject SQL injection payloads. We can see that the request filters the data by category, and we are asked to show the hidden elements, so we assume that there is a parameter that hides the elements. We try the following payload, which shows the elements of all categories and comments out the rest of the query so that it does not filter by hidden or visible elements: ...

January 25, 2022 · 15 min · 3007 words · Jesus Lujan