Skip to content
/ sqli-express-sqlite Public
forked from 0xdbe-appsec/sqli-express-sqlite

This application is a demonstration prototype just to show how to perform SQLi attack.

License

MIT license
0 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

octo-technology/sqli-express-sqlite

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
static
static
 
 
view
view
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.js
app.js
 
 
app.json
app.json
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

SQL injection with Express and sqlite

This application is a demonstration prototype just to show how to perform SQLi attack.

Install

  • Install nodejs

  • Install dependencies

$ npm install
  • Start application
$ npm start

Tutorial

Always True SQLi

Open http://localhost:3000/ and log in with:

  • username: ' or '1'='1
  • password: ' or '1'='1
SELECT name FROM user where username = '' or '1'='1' and password = '' or '1'='1'

You are now log in as "User", but you can do better!

SQLi with comment

Open http://localhost:3000/ and log in with:

  • username: admin'--
  • password: a
SELECT name FROM user where username = 'admin' --' and password = 'a'

You are now log in as "Admin"

Fix it

use prepared statement

About

This application is a demonstration prototype just to show how to perform SQLi attack.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 66.3%
  • CSS 22.4%
  • Pug 11.3%