This example site shows vulnerabilities in SQL Injection and XSS Injection.
-
Install .NET Core 3.0 or newer from https://dotnet.microsoft.com/download
-
Install SQL Server from https://www.microsoft.com/en-us/sql-server/sql-server-downloads (developer edition and express edition are free) or from https://hub.docker.com/_/microsoft-mssql-server
-
Clone or download this repository
-
Use the files in the
sql
directory to create a database in SQL Server -
Set the connection string in
app/appsettings.json
(see https://www.connectionstrings.com/sql-server/) -
Either run
InsecureWebsite.sln
from Visual Studio ordotnet run
from the command line -
Open http://localhost:5000/ in a browser to begin exploring
Copyright @ 2019 Richardson & Sons, LLC
License: MIT