SQL GET Injection
An example web application that can be hacked using SQL injection attack. The app uses a MySQL database, and parameters are sent using a GET parameter.
- it has a search page
- users and passwords are stored in database
- it can be hacked using sql injection (for example using sqlmap)
Simply use this search query (for example):
abc' union select null, username, password from users where username like '%Try in Play with Docker
Run with docker-compose
You can run the vulnerable app using docker-compose:
mkdir sql-get-injection
cd sql-get-injection
curl -o docker-compose.yml https://gitlab.cylab.be/cylab/play/sql-get-injection/-/raw/main/docker-compose.yml
docker-compose upAfter a few seconds, the app will be available at http://127.0.0.1:8000
Local testing
The repository has a docker-compose-dev.yml that you can use to test or contribute:
git clone https://gitlab.cylab.be/cylab/play/sql-get-injection.git
cd sql-get-injection
docker-compose -f docker-compose-dev.yml up