vong0/SQL_injections

SQL Injections

This repo contains a complete application for practising SQL injections.

  • The application is a course finder that searches through a database called "unsw" (unsw.sql)
  • The Python code then returns the results and renders them for a web browser

This application was used in the following videos:

Installation

Requirements: Python 3

# run the script for your platform
./install/linux.sh
./install/mac.sh

# common steps
./install/initdb.sh
python3 -m pip install psycopg2-binary flask

Execution

# run server with unsafe sql query
python3 run.py

# run server resistant to sql injections
python3 run.py --use-safe

# a walkthrough of the thought process behind the SQL
# injections can be found in the inject.sql file
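
The difference between an unsafe and an injection-resistant query, as an added example that is not code from this repository. It assumes a hypothetical `courses` table with constructed rows and uses Python's built-in `sqlite3` in place of psycopg2/PostgreSQL so it runs offline; how `run.py` implements `--use-safe` is not shown on this page.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the course database (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE courses (code TEXT, title TEXT, hidden INTEGER)")
    conn.executemany(
        "INSERT INTO courses VALUES (?, ?, ?)",
        [
            ("COMP1511", "Programming Fundamentals", 0),
            ("COMP3311", "Database Systems", 0),
            ("COMP9999", "Unlisted Course", 1),  # must never appear in search
        ],
    )
    return conn


def search_unsafe(conn, term):
    # Vulnerable pattern: user input becomes part of the SQL text, so a quote
    # in `term` ends the string literal and the rest is parsed as SQL.
    query = (
        "SELECT code, title FROM courses "
        "WHERE hidden = 0 AND title LIKE '%" + term + "%' ORDER BY code"
    )
    return conn.execute(query).fetchall()


def search_safe(conn, term):
    # Parameterized query: the SQL text is fixed and `term` is bound as data.
    # sqlite3 uses `?` as the placeholder; psycopg2 uses `%s` the same way.
    query = (
        "SELECT code, title FROM courses "
        "WHERE hidden = 0 AND title LIKE ? ORDER BY code"
    )
    return conn.execute(query, ("%" + term + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 1=1 --"  # constructed input containing SQL syntax
    for name, fn in (("unsafe", search_unsafe), ("safe", search_safe)):
        print(name, "normal :", fn(db, "Database"))
        print(name, "crafted:", fn(db, crafted))
```

With the crafted input the unsafe function returns every row, including the hidden one, while the parameterized function searches for the literal text and returns nothing.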

Inspecting Database

# list all databases
psql -l

# enter our database
psql unsw
\d          # list tables
\d people   # list schema of 'people' table
\q          # exit out of psql shell
