15. SQL injection with filter bypass via XML encoding

This lab contains a SQL injection vulnerability: the /product/stock API reads its query parameters
from an XML request body and passes them directly to the SQL backend. However, a WAF inspects the
request and blocks it if it detects a SQL injection attempt.

To bypass this, we HTML-entity encode our SQL injection payload. The encoded entities pass the WAF's
check, are then decoded by the server when it processes the XML, and the decoded text is sent to the
SQL backend. Using this, we can leak the administrator's password and log in.
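The root cause described above is that the filter inspects the request body before the XML parser decodes character references, while the SQL layer receives the decoded text. The following Python example is added here to illustrate that gap and the fix; it is not the lab's code. The element names (`stockCheck`, `productId`, `storeId`), the table schema and the seed rows are assumptions constructed for the demo, and the inputs use only harmless tokens so the point is visible without any attack string.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample data standing in for the lab's stock table (hypothetical schema).
SEED_ROWS = [(1, 1, 42), (1, 2, 7), (2, 1, 0)]


def make_db() -> sqlite3.Connection:
    """Build an in-memory table: product_id, store_id, stock (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stock (product_id INTEGER, store_id INTEGER, stock INTEGER)")
    conn.executemany("INSERT INTO stock VALUES (?, ?, ?)", SEED_ROWS)
    return conn


def parse_stock_request(body: str) -> dict:
    """Parse the XML body the way the endpoint's parser would.

    The XML parser resolves character references (&#49; and &#x31; both become '1'),
    so the values handed to the SQL layer can differ from the bytes a filter saw on
    the wire.
    """
    root = ET.fromstring(body)
    return {child.tag: (child.text or "") for child in root}


def inspect_raw_body(body: str, pattern: str) -> bool:
    """A filter that matches on the raw request sees only the pre-decoding bytes."""
    return pattern in body


def inspect_decoded_values(body: str, pattern: str) -> bool:
    """A filter that matches on the parsed values sees what actually reaches SQL."""
    return any(pattern in value for value in parse_stock_request(body).values())


def vulnerable_sql_text(body: str) -> str:
    """The concatenation pattern the lab describes: decoded text is spliced verbatim.

    Only the query text is built here, never executed, to show what the backend
    would receive.
    """
    params = parse_stock_request(body)
    return (
        "SELECT stock FROM stock WHERE product_id = "
        f"{params['productId']} AND store_id = {params['storeId']}"
    )


def validate_ids(params: dict) -> bool:
    """Allow-list check on the decoded values: both ids must be plain integers."""
    return all(params.get(key, "").isdigit() for key in ("productId", "storeId"))


def stock_lookup(conn: sqlite3.Connection, body: str):
    """Hardened lookup: validate the decoded values, then bind them as parameters.

    Because the check runs after XML decoding and the query is parameterised, no
    encoding of the input can change the query structure.
    """
    params = parse_stock_request(body)
    if not validate_ids(params):
        return None
    row = conn.execute(
        "SELECT stock FROM stock WHERE product_id = ? AND store_id = ?",
        (int(params["productId"]), int(params["storeId"])),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    # Constructed request: storeId is '1 x' once decoded, but the raw body never
    # contains a literal space followed by 'x'.
    encoded = ("<stockCheck><productId>&#49;</productId>"
               "<storeId>&#x31;&#x20;x</storeId></stockCheck>")
    print("raw filter sees ' x':     ", inspect_raw_body(encoded, " x"))
    print("decoded filter sees ' x': ", inspect_decoded_values(encoded, " x"))
    print("concatenated query:       ", vulnerable_sql_text(encoded))
    print("hardened lookup:          ", stock_lookup(make_db(), encoded))
```

The practical takeaway for defenders is the ordering: any inspection or validation of the input has to operate on the same decoded representation the database sees, and parameterised queries remove the dependence on filtering altogether.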


Solution