SQL injection lab #1 #2 #3 | Portswigger | web-security-labs

MySQL Путешествия
Views: 22
Upload date: 08.12.2023 09:23
Duration: 00:29:17
Category: Education

Description

Lab #1: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:
SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.
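
The root cause behind the Lab #1 query, as an added example (not part of the original video description or of the lab's own code): the string-concatenated form of that query next to its parameterized form, using Python's sqlite3. The table layout, sample rows and function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the shop database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [
            ("Mug", "Gifts", 1),
            ("Prototype lamp", "Gifts", 0),   # unreleased, must stay hidden
            ("Teddy bear", "Kids' toys", 1),  # legitimate value containing a quote
            ("Tent", "Outdoors", 1),
        ],
    )
    return db

def list_products_concat(db, category):
    # Vulnerable pattern: the category is pasted into the SQL text, so any
    # quote character in it is read by the parser as SQL syntax, not as data.
    sql = "SELECT name FROM products WHERE category = '" + category + "' AND released = 1"
    return [row[0] for row in db.execute(sql)]

def list_products_param(db, category):
    # Hardened form: the statement text is fixed and the value is bound
    # separately, so it can never alter the WHERE clause.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(sql, (category,))]

def treats_input_as_data(query_fn):
    """Regression check: a category containing a quote must be matched literally."""
    db = make_db()
    try:
        return query_fn(db, "Kids' toys") == ["Teddy bear"]
    except sqlite3.Error:
        # The quote reached the SQL parser: input is being interpreted as code.
        return False

if __name__ == "__main__":
    print("concatenated query safe:", treats_input_as_data(list_products_concat))
    print("parameterized query safe:", treats_input_as_data(list_products_param))
    print("released filter kept:", list_products_param(make_db(), "Gifts"))
```

A check like `treats_input_as_data` can sit in a unit-test suite so that any query helper that goes back to string concatenation fails the build.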

Lab #2: SQL injection vulnerability allowing login bypass

This lab contains an SQL injection vulnerability in the login function.

To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user.

Lab #3: SQL injection UNION attack, determining the number of columns returned by the query

This lab contains an SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables. The first step of such an attack is to determine the number of columns that are being returned by the query. You will then use this technique in subsequent labs to construct the full attack.

To solve the lab, determine the number of columns returned by the query by performing an SQL injection UNION attack that returns an additional row containing null values.

All labs URL: https://portswigger.net/web-security/all-labs/

Website: https://foxfoster.com

SQL notes: https://acrobat.adobe.com/link/track?uri=urn:aaid:scds:US:bcb40080-798a-4de4-bae6-ae3f5e223cd0

Follow me on LinkedIn: https://www.linkedin.com/in/goverdhan...

and Instagram: https://instagram.com/pan_goverdhan

https://instagram.com/1001_fox
