SQL Injection Sample

Lucas Rennó Kallás

☀️ This is a simple SQL Injection Sample and you can bypass the login page of this site.

I used Knex with SQLITE3 database.

This repository represents a sample of database fault due to the everyone can abuse the problem of a select in the database and use SQL Injection to connect to an account. This project was made to Database II subject, to test a security failure.

💾 Requirements

▶️ I used Yarn to install packages:

YARN.

🔽 Downloads:

Some dependencies to download (with Yarn).

📣 Web:

yarn add react-router-dom @types/react-router-dom yarn add react @types/react yarn add react-dom @types/react-dom yarn add axios @types/axios

📣 Server:

yarn add node @types/node yarn add ts-node-dev -D yarn add knex sqlite3 yarn add typescript -D yarn add cors @types/cors express @types/express

💥 Starting it

⭐ WEB:

Go to the 'web' folder and put:

yarn start

⭐ SERVER:

Go to the 'server' folder and put:

yarn start

🔡 How it works

First start the server and after that start the web in different terminals/command prompts, after that acess 'localhost:3000' in your browser.

The login page will appear like this:

So, find a way to access the next page.

When you have found a way to pass the form, the following message will appear:

Be aware that you can't access the next page just typing it at the page URL, like: 'localhost:3000/admin', if you do this, the following message will appear:

The API host is 'localhost:3333', note that the post method is disabled and the only method available is get. This method receives a query with the username and the password.
You can test some combinations by sending to 'http://localhost:3333/?username=yourUsername&password=yourPass' and the API will return a JSON. Example of the reponse are below.

⛄ FAILURE:

{ "success": 0 }

⚡ SUCCESS:

{ "success": 1 }

🔓 Where is the problem?

Specifically, the problem is in LoginController class at 'server/src/controllers/LoginController.ts'. Get method starts the 'index' function in that class, and this function is just reading the query and putting the data from it at a string that will select something at 'login' table with the username and password which are on the input. If you want to eliminate SQL Injection attacks from the site, just change this file LoginController.ts at these rows:

✌️ Want to test?

Make a fork

Good hacking 😉

lucasrennok / sqlinjectionsample Goto Github PK