Sql-Injection-Test
Version: 1.0.23110.1
Created by: Jalijali@orca-central.de
Last Modified by: Jalijali@orca-central.de
About
This project implements a very simple web service that is vulnerable to an SQL injection attack. A simple web page is protected by a user name and password; the password is checked by querying the database for a row with that user name and password. If such a row exists, the user is granted access to the web page; if not, they are sent back to the login page.
The SQL queries, however, are built by concatenating the submitted values into the statement text, so they are vulnerable to SQL injection. A user can gain access simply by putting a value such as
wurst' OR '1'='1
into the password field. The condition '1'='1' is always true, and because OR binds more loosely than AND, the WHERE clause matches every row; the statement therefore always returns the list of all users, and the login check succeeds.
The example creates an in-memory database with the users Alice and Bob.
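The following is an added example, not the project's own code: it reproduces the described setup in Python with an in-memory SQLite database (users Alice and Bob, with placeholder passwords chosen here), places the string-concatenated login query next to a parameterized one, and shows why the page's payload grants access in the first case and not in the second. The table layout, function names and passwords are assumptions for this illustration.

```python
import sqlite3

# Constructed sample data mirroring the page: users Alice and Bob.
# The passwords are placeholders invented for this example.
SAMPLE_USERS = [("Alice", "alice-secret"), ("Bob", "bob-secret")]

# The page's own payload for the password field.
PAYLOAD = "wurst' OR '1'='1"


def make_db():
    """Create the in-memory users table (assumed schema: name, password)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Return the names matched by a query built with string concatenation.

    The submitted values become part of the SQL text, so a quote inside
    the password closes the literal and the rest is parsed as SQL:
      ... AND password = 'wurst' OR '1'='1'
    AND binds tighter than OR, so every row satisfies the WHERE clause.
    """
    query = ("SELECT name FROM users WHERE name = '" + username
             + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Return the names matched by the same query using bound parameters.

    The driver sends the statement and the values separately; the password
    is compared as data, so the payload never changes the query structure.
    """
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def is_authenticated(matches):
    """The page's access rule: grant access when the query returns any row."""
    return len(matches) > 0


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload   :", login_vulnerable(db, "Alice", PAYLOAD))
    print("parameterized, payload:", login_parameterized(db, "Alice", PAYLOAD))
    print("parameterized, correct:", login_parameterized(db, "Alice", "alice-secret"))
```

Running the script shows the concatenated query returning both Alice and Bob for the payload (so access is granted), while the parameterized query returns no row for the payload and exactly one row for the correct password. The fix is not escaping or filtering the input but keeping user-supplied values out of the statement text altogether.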