🔐 README.md

🔓 SQL Injection Vulnerability Exploitation

This project demonstrates how a basic login system can be vulnerable to SQL Injection and how attackers can exploit this vulnerability to bypass authentication.

⚠️ This project is strictly for educational and ethical testing purposes in isolated environments. Do NOT deploy it on public servers.

---

📁 Project Structure

vulnerable\_site/
├── db.sql         # MySQL database schema and data
├── config.php     # Database configuration
├── index.php      # Home page (post login)
├── login.php      # Vulnerable login form

📁 Folder Structure

sql-injection-project/
├── vulnerable_site/
│   ├── db.sql
│   ├── index.php
│   ├── login.php
│   └── config.php
├── README.md

---

---

🧪 Setup Instructions

⚙️ Step 1: Set up local server

Use XAMPP, WAMP, or MAMP to set up a local web server.

1. Place vulnerable_site/ folder into your local web server root:
   • XAMPP: htdocs/
   • WAMP: www/

🗃️ Step 2: Import database

1. Open phpMyAdmin.
2. Create a database named: sql_injection_demo
3. Import db.sql from the project into this database.

---

🧠 Vulnerability Explanation

The login form directly inserts user input into a SQL query:

$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";

If a user enters:

Username: ' OR '1'='1
Password: anything

The query becomes:

SELECT * FROM users WHERE username = '' OR '1'='1' AND password = 'anything'

This always returns true, allowing unauthorized access.

---

🚨 Exploitation Demo

Try logging in with:

• Username: ' OR '1'='1
• Password: abc

You will be logged in without knowing any actual credentials.

---

🧹 Prevention

✅ Use prepared statements or ORMs to avoid direct query injection.

Example (PDO):

$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->execute([$username, $password]);

---

🛡️ Ethical Use Only

This is an intentionally vulnerable application. Use it to learn, not to harm. Always take consent before testing.

---