Inventory Lookup (SQL Injection)
A Spring inventory service constructs a SQL query with string concatenation, allowing SQL injection.
hard · 300 pts · free · java
Overview
The Inventory microservice exposes GET /api/products?sku=..., which returns product details. A recent penetration test reported possible SQL injection via the sku parameter. Review the data access layer and identify the vulnerable line.
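
The pattern described above, as an added example rather than the lab's own code: the class, table and column names and the SKU format are assumptions. It contrasts SQL text built by concatenating the sku value with a constant statement that binds the value as a parameter.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.regex.Pattern;

// Added illustration; every name here is hypothetical, not taken from the lab.
public class SkuLookupExample {

    // Assumed SKU format: uppercase letters, digits and dashes, 1 to 32 chars.
    private static final Pattern SKU = Pattern.compile("[A-Z0-9-]{1,32}");

    // Vulnerable pattern: the request value becomes part of the SQL text.
    static String concatenatedQuery(String sku) {
        return "SELECT id, sku, name FROM products WHERE sku = '" + sku + "'";
    }

    // Hardened pattern: the SQL text is constant; the value is bound separately.
    static final String PARAM_QUERY =
            "SELECT id, sku, name FROM products WHERE sku = ?";

    static Optional<String> findName(Connection conn, String sku) throws SQLException {
        // Reject values outside the assumed format before touching the database.
        if (sku == null || !SKU.matcher(sku).matches()) {
            throw new IllegalArgumentException("invalid sku");
        }
        try (PreparedStatement ps = conn.prepareStatement(PARAM_QUERY)) {
            ps.setString(1, sku); // the driver sends this as data, never as SQL
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Optional.of(rs.getString("name")) : Optional.empty();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary SKU and one containing a quote character.
        for (String sku : new String[] {"AB-1001", "AB-10'01"}) {
            System.out.println("input        : " + sku);
            System.out.println("concatenated : " + concatenatedQuery(sku));
            System.out.println("parameterized: " + PARAM_QUERY + "   [1]=" + sku);
            System.out.println("passes format: " + SKU.matcher(sku).matches());
        }
    }
}
```

When reviewing a data access layer, the line to look for is the one where a request value is joined into the SQL string, as in concatenatedQuery here.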
src/main/java/com/example/inventory/DataSourceConfig.java