Pantsir
Created 30 Aug 2025 · Updated 13 Feb 2026
Inventory Lookup (SQL Injection)
A Spring Boot inventory lookup endpoint builds SQL from user input, allowing attacker-controlled query logic.
Language: Java · 300 pts · 35 min

Story

You are helping the retail platform team ship a "live SKU lookup" API used by warehouse scanners and support dashboards.

During pre-production penetration testing, one test query unexpectedly returned every product in the catalog instead of one SKU.

System Context

The project is a runnable Spring Boot service with:

  • GET /api/products?sku=... as the main lookup path
  • ProductController forwarding requests to ProductRepository
  • an H2 in-memory database initialized from schema.sql and data.sql

Problem

The SKU parameter from the request reaches query construction in a way that allows user input to shape SQL semantics. Instead of enforcing an exact lookup, crafted values can alter filter behavior and return records outside the intended scope. What should be a narrow inventory lookup endpoint becomes a general query-manipulation surface with data exposure risk.
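As an added illustration (not the lab's own code, which is not shown on this page), the repository below contrasts a lookup that splices the sku value into the SQL text with a parameterized JdbcTemplate version that keeps the query fixed and sends the value as bound data. The table and column names and the Product record are assumptions.

```java
import java.util.List;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Repository;

@Repository
public class ProductRepository {

    private final JdbcTemplate jdbc;

    public ProductRepository(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    // VULNERABLE: the sku value becomes part of the SQL text. A quote character
    // in the input closes the string literal and everything after it is parsed
    // as SQL, so the WHERE clause no longer guarantees an exact match.
    public List<Product> findBySkuUnsafe(String sku) {
        String sql = "SELECT id, sku, name, quantity FROM product WHERE sku = '" + sku + "'";
        return jdbc.query(sql, (rs, rowNum) -> new Product(
                rs.getLong("id"), rs.getString("sku"),
                rs.getString("name"), rs.getInt("quantity")));
    }

    // SAFE: the SQL text is constant; sku is passed to H2 as a bound parameter
    // and compared as data, never interpreted as SQL. Only rows whose sku
    // column equals the supplied value verbatim can match.
    public List<Product> findBySku(String sku) {
        String sql = "SELECT id, sku, name, quantity FROM product WHERE sku = ?";
        return jdbc.query(sql, (rs, rowNum) -> new Product(
                rs.getLong("id"), rs.getString("sku"),
                rs.getString("name"), rs.getInt("quantity")), sku);
    }

    // Minimal row type for this example (assumed, not from the lab project).
    public record Product(long id, String sku, String name, int quantity) {}
}
```

Binding the parameter is the fix; a format check on the sku (for example, an allow-list of characters the SKU scheme actually uses) in the controller is a useful second layer but not a substitute.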

Goal

Find the exact vulnerable line in the project code.
