This application contains a SQL injection vulnerability in the product category filter.
When you select a category, the application executes a query like:
SELECT * FROM products WHERE category = 'Gifts' AND released = 1
Your goal is to perform a SQL injection attack that causes the application to display one or more unreleased products.
Hint: You need to manipulate the WHERE clause to bypass the "AND released = 1" condition.
High performance laptop
Price: $1200.00
Category: Electronics
Released: Yes

Latest model smartphone
Price: $800.00
Category: Electronics
Released: Yes

Ceramic coffee mug
Price: $15.00
Category: Home
Released: Yes

Generic gift card
Price: $25.00
Category: Gifts
Released: Yes

Learn SQL injection
Price: $40.00
Category: Books
Released: Yes
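
Why the category filter is injectable, and how a bound parameter closes it, as an added example that is not the lab application's own code. It rebuilds the query shown above in Python with sqlite3; the schema, function names, the `Children's` input and the unreleased row are constructed assumptions.

```python
import sqlite3

# Constructed sample rows: two mirror the listing above; the unreleased row is
# an assumption, added so the "released = 1" filter has something to hide.
ROWS = [
    ("Generic gift card", 25.00, "Gifts", 1),
    ("Ceramic coffee mug", 15.00, "Home", 1),
    ("Unreleased gift box (constructed)", 30.00, "Gifts", 0),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(name TEXT, price REAL, category TEXT, released INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", ROWS)
    return db

def filter_vulnerable(db, category):
    # Vulnerable pattern: the input is pasted into the SQL text, so any quote
    # character in `category` changes how the statement is parsed.
    sql = ("SELECT name FROM products WHERE category = '"
           + category + "' AND released = 1")
    return [row[0] for row in db.execute(sql)]

def filter_safe(db, category):
    # Hardened pattern: the placeholder binds the input as a value; it is
    # never parsed as SQL, so the released check always applies.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(sql, (category,))]

def probe(db, category):
    """Return (vulnerable_outcome, safe_outcome) for one category value."""
    try:
        vuln = filter_vulnerable(db, category)
    except sqlite3.OperationalError as exc:
        # A parse error caused by user input shows the input reached the parser.
        vuln = "SQL error: " + str(exc)
    return vuln, filter_safe(db, category)

if __name__ == "__main__":
    db = make_db()
    # "Children's" is a benign, constructed value that contains an apostrophe.
    for value in ("Gifts", "Children's"):
        print(repr(value), probe(db, value))
```

A harmless apostrophe is enough to break the concatenated statement, while the parameterized version returns an empty result for the same input.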