From charlesreid1

Revision as of 16:02, 21 May 2023 by Unknown user

This page covers how to perform SQL Injection attacks with Burp Suite.

Burp Suite Training Labs

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

  • This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following: SELECT * FROM products WHERE category = 'Gifts' AND released = 1
  • To solve the lab, perform a SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.
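The query pattern described above, as an added example that is not part of the original page or the lab: the same `SELECT` built by string concatenation beside a parameterized version, in Python with `sqlite3`. The table contents and all function names are constructed for illustration; a legitimate category name containing an apostrophe shows that concatenated input is parsed as SQL text, while a bound parameter is always treated as data and the `released = 1` filter stays in force.

```python
import sqlite3

# Constructed sample data (not from the lab): name, category, released flag.
ROWS = [
    ("Gift card", "Gifts", 1),
    ("Mystery box", "Gifts", 0),        # unreleased, must never be returned
    ("Kids' puzzle", "Kids' toys", 1),  # category name contains an apostrophe
]

def make_db():
    """Create an in-memory products table holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", ROWS)
    return db

def find_concat(db, category):
    """Vulnerable pattern: the user-supplied value becomes part of the SQL text."""
    sql = ("SELECT name FROM products WHERE category = '" + category
           + "' AND released = 1")
    return [row[0] for row in db.execute(sql)]

def find_bound(db, category):
    """Hardened pattern: the statement text is fixed and the value is bound."""
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(sql, (category,))]

def compare(db, category):
    """Run both variants and report what each one did with the same input."""
    try:
        concat = find_concat(db, category)
    except sqlite3.Error as exc:
        # The input changed the statement's structure, so the parser rejected it.
        concat = "SQL error: " + type(exc).__name__
    return concat, find_bound(db, category)

if __name__ == "__main__":
    db = make_db()
    for category in ("Gifts", "Kids' toys"):
        print(repr(category), "->", compare(db, category))
```

A database error triggered by a single quote in a request parameter is the signal to look for in code review and in application logs: it means input is reaching the SQL parser rather than being bound.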