SQL Injection is a web security vulnerability that allows attackers to interfere with a website’s database queries by injecting malicious SQL code into input fields. This often happens when user input is not properly validated or sanitized. For example, an attacker could input a specially crafted SQL statement into a login form to bypass authentication or retrieve sensitive data like usernames and passwords. SQL Injection can lead to data breaches, unauthorized access, or even deletion of entire databases. Preventing it involves using parameterized queries, prepared statements, and input validation.
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
Use Burp Suite to intercept and modify the request that sets the product category filter.
Modify the category parameter, giving it the value '+OR+1=1--
Submit the request, and verify that the response now contains one or more unreleased products.
SQL injection vulnerability allowing login bypass
This lab contains a SQL injection vulnerability in the login function.
To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.
Use Burp Suite to intercept and modify the login request.
Modify the username parameter, giving it the value: administrator'--
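The two lab queries side by side with their parameterized forms, as an added example that is not part of the original page. It uses an in-memory SQLite database with constructed data; the users table and the shape of the login query are assumptions, since the page does not show them.

```python
import sqlite3

def make_db():
    # Constructed sample data. The products columns follow the query on the page;
    # the users table is an assumption (real applications store password hashes).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, category TEXT, released INTEGER);
        INSERT INTO products VALUES ('Mug', 'Gifts', 1), ('Secret toy', 'Gifts', 0),
                                    ('Lamp', 'Home', 1), ('Prototype', 'Home', 0);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 'constructed-secret');
    """)
    return db

def products_vulnerable(db, category):
    # Input is concatenated into the SQL text: a quote closes the string literal
    # and "--" comments out the trailing "AND released = 1".
    sql = "SELECT name FROM products WHERE category = '" + category + "' AND released = 1"
    return [row[0] for row in db.execute(sql)]

def products_safe(db, category):
    # Placeholder: the value is bound separately and never parsed as SQL.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(sql, (category,))]

def login_vulnerable(db, username, password):
    # Assumed login query shape; "--" in the username removes the password check.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, username, password):
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1--"  # the page's '+OR+1=1-- after URL decoding
    print("normal filter:     ", products_vulnerable(db, "Gifts"))
    print("concatenated query:", products_vulnerable(db, payload))
    print("parameterized:     ", products_safe(db, payload))
    print("concatenated login:", login_vulnerable(db, "administrator'--", ""))
    print("parameterized login:", login_safe(db, "administrator'--", ""))
```

With bound parameters the same input is compared as a literal string, so the category filter returns no rows and the login fails.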