Preparing access
Checking your lab membership...
Inventory Lookup (SQL Injection)
java A Spring inventory service constructs a SQL query with string concatenation, allowing SQL injection.
hardjava
Overview
The Inventory microservice exposes GET /api/products?sku=... that returns product details.
A recent penetration test reported possible SQL injection via the sku parameter.
Review the data access layer and identify the vulnerable line.
Content locked
Join this lab to access the content.
src/main/java/com/example/inventory/DataSourceConfig.javajava