A vulnerable web application for testing blind SQL injection. Do not use this code in production applications. It is dangerous.
- SQL injection. See if you can recover arbitrary values from the
api_tokens
table. - XSS
main.py
is a good place to start.