Created 30 Aug 2025 | Updated 30 Aug 2025
Inventory Lookup (SQL Injection)
A Spring inventory service constructs a SQL query with string concatenation, allowing SQL injection.
java | 300 pts | 35 min
Overview
The Inventory microservice exposes GET /api/products?sku=... that returns product details.
A recent penetration test reported possible SQL injection via the sku parameter.
Review the data access layer and identify the vulnerable line.
Files
inventory-sql-injection-spring
src/main/java/com/example/inventory/DataSourceConfig.java (java)