This project is a fun and educational web application designed to help you understand and practice SQL Injection vulnerabilities. The frontend simulates a simple pizza ordering page, but hidden in the database is a coupon code for a 100% discount. The goal of this challenge is to exploit a SQL injection vulnerability to extract the hidden coupon code and get your pizza order for free!
⚠️ Disclaimer: This project is for educational purposes only. Always ensure you have permission before attempting security testing, and never perform SQL injection or other attacks on systems without authorization.
- Understand how SQL Injection vulnerabilities arise.
- Practice exploiting SQL Injection to retrieve sensitive data.
- Learn about secure coding practices to prevent SQL Injection.
The frontend is a simple HTML-based pizza order form. When redeeming a coupon, user input is sent to the backend where SQL queries are executed. Your goal is to find and exploit an SQL Injection vulnerability to reveal the 100% off coupon code hidden in the database.
- Clone the repo
- docker compose up
- Clone the repo
- Install the requirements via "pip install -r requirements.txt"
- Start a Postgres Docker Container via: "docker run -d --name my_postgres_container -e POSTGRES_USER=myuser -e POSTGRES_PASSWORD=mypassword -e POSTGRES_DB=postgres -p 5432:5432 postgres"
- Set the Environment Variable IP & POSTGRES_PASSWORD "export IP=" and "export POSTGRES_PASSWORD = " 5.Load the init.sql into the database
- Start the server via "python3 app.py"
- Method GET
- Description Returns the frontend
- Method GET
- Description Returns the scoreboard