SQL GET Injection

SQL Nice Injection

An example web application that uses nice URLs and can be hacked using an SQL injection attack.

You can hack this app with sqlmap, using something like this:

sqlmap.py -u "http://127.0.0.1:8000/page/57*"
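
Why a value in the URL path (the position marked with * above) is still untrusted input, as an added example that is not code from this repository: the first handler concatenates the path segment into the SQL text, the second restricts the route to digits and binds the value as a parameter. The app's source and schema are not shown on this page, so the pages table, the route patterns and both handler functions are assumptions made for illustration.

```python
import re
import sqlite3
from urllib.parse import unquote

def make_db():
    """Constructed sample data; the real app's schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)",
                   [(57, "Welcome", 1), (58, "Draft: internal notes", 0)])
    return db

# Hypothetical routes: the loose one accepts any path segment,
# the strict one only a short run of digits.
LOOSE_ROUTE = re.compile(r"^/page/(.+)$")
STRICT_ROUTE = re.compile(r"^/page/(\d{1,9})$")

def vulnerable_page(db, raw_path):
    """Decoded path segment is concatenated into the query text."""
    m = LOOSE_ROUTE.match(unquote(raw_path))
    if not m:
        return None
    sql = "SELECT title FROM pages WHERE published = 1 AND id = " + m.group(1)
    return [row[0] for row in db.execute(sql)]

def hardened_page(db, raw_path):
    """Route constraint plus bound parameter: input never becomes SQL text."""
    m = STRICT_ROUTE.match(unquote(raw_path))
    if not m:
        return None  # the framework would answer 404 here
    sql = "SELECT title FROM pages WHERE published = 1 AND id = ?"
    return [row[0] for row in db.execute(sql, (int(m.group(1)),))]

if __name__ == "__main__":
    db = make_db()
    # Constructed requests: a normal page id and a segment carrying SQL syntax.
    for path in ("/page/57", "/page/57%20OR%201=1"):
        print(path, "vulnerable:", vulnerable_page(db, path),
              "hardened:", hardened_page(db, path))
```

With the concatenating handler the second request also returns the unpublished row, because the segment is parsed as part of the WHERE clause; the hardened handler rejects it before any query runs.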

Run with docker-compose

You can run the vulnerable app using docker-compose:

mkdir sql-nice-injection
cd sql-nice-injection
curl -o docker-compose.yml https://gitlab.cylab.be/cylab/play/sql-nice-injection/-/raw/main/docker-compose.yml
docker-compose up

After a few seconds, the app will be available at http://127.0.0.1:8000

Local testing

The repository has a docker-compose-dev.yml that you can use to test or contribute:

git clone https://gitlab.cylab.be/cylab/play/sql-nice-injection.git
cd sql-nice-injection
docker-compose -f docker-compose-dev.yml up