An example web application that can be hacked using SQL injection attack. The app uses a MySQL database.
Simply use this search query (for example):
abc' union select null, username, password from users where username like '%
You can run the vulnerable app using docker-compose:
mkdir sql-injection
cd sql-injection
curl -o docker-compose.yml https://gitlab.cylab.be/cylab/play/sql-injection/-/raw/main/docker-compose.yml
docker-compose up
After a few seconds, the app will be available at http://127.0.0.1:8000
The repository has a docker-compose-dev.yml
that you can use to test or contribute:
git clone https://gitlab.cylab.be/cylab/play/sql-injection.git
cd sql-injection
docker-compose -f docker-compose-dev.yml up