SQLite Injection
An example web application that can be hacked using SQL injection attack. The web app uses a SQLite database.
- it has a search page
- users and passwords are stored in database
- it can be hacked using sql injection (for example using sqlmap)
Simply use this search query (for example):
' union select null, username, password from users where username like '%Try in Play with Docker
Run with docker-compose
Easiest way to run the vulnerable app is using docker-compose:
mkdir sqlite-injection
cd sqlite-injection
curl -o docker-compose.yml https://gitlab.cylab.be/cylab/play/sqlite-injection/-/raw/main/docker-compose.yml
docker-compose upAfter a few seconds, the app will be available at http://127.0.0.1:8000
Run with Docker
docker run -p 8000:80 gitlab.cylab.be:8081/cylab/play/sqlite-injectionTesting locally
You can use PHP built-in webserver to test locally:
git clone https://gitlab.cylab.be/cylab/play/sqlite-injection.git
cd sqlite-injection/public
php -S localhost:8000