Need help creating SQL injection queries

Question

Need help creating SQL injection queries

Opened this issue 5 years ago · 2 comments

Answer 1 · 2019-08-20T21:59:01.000Z

I'm trying to use NodeGoat to teach customers about security issues, but all of the examples assume I'm going to be using Javascript. How can I make the same call with a shell script or wget/http, so they can understand what's needed? I don't have the ability to use a Javascript enabled page although I suppose I could write a node server to attack the system.

Answer 2 · 2019-08-21T11:14:36.000Z

Thanks for considering NodeGoat for your training @synedra. Current Nodegoat implementation uses server side templates to generate UI and doesn't expose REST APIs. So it doesn't provide an ability to access endpoints with shell script/wget as you are looking for.

We have an issue #38 to start supporting different architectures, which is planned for a later release (1.6.0).