The PortSwigger Academy defines SQL injection as follows:
“SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself can access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.
In some situations, an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure, or perform a denial-of-service attack.”
SQL injection used to be one of the most common critical web vulnerabilities. It is less common now, yet it is still encountered relatively frequently, and a skilled attacker can do serious damage to a web app that is vulnerable to it.
The goal of the lab is to “perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased”. Essentially, we need the store to display everything in the products table, including the rows the application normally hides. The query the application runs when a category is selected is described in the lab as follows:
`SELECT * FROM products WHERE category = 'All' AND released = 1`
The category value is taken straight from the URL parameter, and the `AND released = 1` condition is what hides unreleased products. The payload given in the lab looks as follows:
`'+OR+1=1--`
Here the `+` is just the URL-encoded space, so the application sees `' OR 1=1--`. The leading `'` closes the string literal, `OR 1=1` makes the WHERE clause true for every row, and `--` starts an SQL comment, so the rest of the original query (including `AND released = 1`) is never evaluated. The result is that every product, released or not, is returned.
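To see the mechanics end to end, here is an added example (not code from the lab or from PortSwigger) that builds a small in-memory SQLite database with constructed sample products, reproduces the lab's string-concatenation pattern, runs the payload through it, and contrasts it with a parameterised query. The table layout, the sample rows, and the category name "Gifts" are assumptions for the example, not taken from the lab.

```python
import sqlite3
from urllib.parse import unquote_plus

# Constructed sample data (not the lab's real database): two categories,
# each with one released and one unreleased product.
PRODUCTS = [
    (1, "Gifts", 1, "Mug"),
    (2, "Gifts", 0, "Unreleased mug"),
    (3, "Pets", 1, "Collar"),
    (4, "Pets", 0, "Unreleased collar"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER, category TEXT, released INTEGER, name TEXT)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", PRODUCTS)
    conn.commit()
    return conn


def decode_url_parameter(value):
    """Turn the parameter as it appears in the request (with '+' for space and
    %xx escapes) into the string the application actually receives."""
    return unquote_plus(value)


def vulnerable_query(conn, category):
    """The lab's pattern: the category value is concatenated into the SQL text,
    so a quote in the input is parsed as SQL rather than as data.

    With category = "Gifts' OR 1=1--" the executed statement becomes
    SELECT name FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1
    and the released filter is commented out."""
    sql = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return [row[0] for row in conn.execute(sql)]


def safe_query(conn, category):
    """Hardened version: the value is bound as a parameter and can never change
    the structure of the statement, whatever characters it contains."""
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in conn.execute(sql, (category,))]


if __name__ == "__main__":
    conn = make_db()
    # What a normal visitor sees for the Gifts category.
    print("normal:", vulnerable_query(conn, "Gifts"))
    # The lab payload appended to the category, as it travels in the URL.
    payload = decode_url_parameter("Gifts'+OR+1=1--")
    print("decoded payload:", payload)
    print("vulnerable:", vulnerable_query(conn, payload))
    # The same input against the parameterised query returns nothing, because
    # no category is literally named "Gifts' OR 1=1--".
    print("safe:", safe_query(conn, payload))
```

Running it shows the vulnerable function returning all four rows, including both unreleased products, while the parameterised version returns only the rows whose category string matches exactly.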
It is always a good idea to familiarise yourself with the basics of the language you use for exploits, in this case SQL. It speeds up the process and avoids the situation where your approach is right but a small syntax error in the payload stops the exploit from working.
This is a pretty simple lab that doesn't strictly require Burp Suite, since the attack can be performed straight from the browser's address bar. However, it never hurts to use Burp Suite to practise working with the tool.
We capture a request for one of the product categories and send it to Repeater. In Repeater, we select the category value in the request and append the SQL injection payload to it. Once that is done, we send the modified request to the web application.
That's it: the lab is solved, and the response lists every product in the database, released and unreleased.
PS: there is a very good payload collection you can use for your exploits, courtesy of swisskyrepo. It is a huge help as a reference.
https://github.com/swisskyrepo/PayloadsAllTheThings