jali/sql-injection-test
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implemented SQL injection attackable service

Browse Source
This commit is contained in:
Alexander Noack
2023-04-20 23:17:34 +02:00
parent c234ec6806
commit aa8d4f4036
10 changed files with 213 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
Readme.md Normal file
View File

@@ -0,0 +1,23 @@
# Sql-Injection-Test
> Version: 1.0.23110.1 \
> Created by: Jali<jali@orca-central.de>
> Last Modified by: Jali<jali@orca-central.de>
## About
This project implements a very simple web-service, that is vulnerable to an SQL
injection attack. In this case a simple web-page is protected by a user name and
password, and the password is checked by requesting the user name and password
from the database, and check if they exist. If they do, users are granted access
to the web-page, if not they are thrown back to the login page.
The SQL queries, however, are vulnerable to SQL injection. So a user can gain
access by simply putting a statement such as
```wurst' OR '1'='1```
into the password field. The where clause '1'='1' will always be true, and
therefore the statement always returns a list of all possible users.
The example creates an in memory database with users Alice and Bob.