filmov
tv
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Показать описание
This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.
#bugbounty
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.
#bugbounty
0:01:38
0:00:33
0:02:39
0:07:05
0:10:14
0:00:48
0:00:36
0:05:09
0:17:15
0:01:46
0:00:55
0:13:28
0:01:15
0:11:06
0:09:43
0:00:13
0:06:58
0:03:18
0:04:41
0:10:54
0:00:49
0:00:16
0:06:42
0:23:22