Skip to content

lucasrennok/SQLInjectionSample

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits

readme_imgs

readme_imgs

 
 

server

server

 
 

web

web

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

SQL Injection Sample

Lucas Rennó Kallás

☀️ This is a simple SQL Injection Sample and you can bypass the login page of this site.

I used Knex with SQLITE3 database.

This repository represents a sample of database fault due to the everyone can abuse the problem of a select in the database and use SQL Injection to connect to an account. This project was made to Database II subject, to test a security failure.

💾 Requirements

▶️ I used Yarn to install packages:

  • YARN.

🔽 Downloads:

Some dependencies to download (with Yarn).

📣 Web:

yarn add react-router-dom @types/react-router-dom yarn add react @types/react yarn add react-dom @types/react-dom yarn add axios @types/axios

📣 Server:

yarn add node @types/node yarn add ts-node-dev -D yarn add knex sqlite3 yarn add typescript -D yarn add cors @types/cors express @types/express

💥 Starting it

⭐ WEB:

Go to the 'web' folder and put:

yarn start

⭐ SERVER:

Go to the 'server' folder and put:

yarn start

🔡 How it works

First start the server and after that start the web in different terminals/command prompts, after that acess 'localhost:3000' in your browser.

The login page will appear like this:

login page

So, find a way to access the next page.

When you have found a way to pass the form, the following message will appear:

success page

Be aware that you can't access the next page just typing it at the page URL, like: 'localhost:3000/admin', if you do this, the following message will appear:

error page

The API host is 'localhost:3333', note that the post method is disabled and the only method available is get. This method receives a query with the username and the password.
You can test some combinations by sending to 'http://localhost:3333/?username=yourUsername&password=yourPass' and the API will return a JSON. Example of the reponse are below.

⛄ FAILURE:

{ "success": 0 }

⚡ SUCCESS:

{ "success": 1 }

🔓 Where is the problem?

Specifically, the problem is in LoginController class at 'server/src/controllers/LoginController.ts'. Get method starts the 'index' function in that class, and this function is just reading the query and putting the data from it at a string that will select something at 'login' table with the username and password which are on the input. If you want to eliminate SQL Injection attacks from the site, just change this file LoginController.ts at these rows:

changes

✌️ Want to test?

  • Make a fork

Good hacking 😉

About

An application that can be exploited by SQL Injection.

Topics

typescript reactjs postgresql exploitation sqlinjection sample-tests

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages