index.html contains a website that is prone to SQL Injection.
SQL Injection is a code injection technique that abuses SQL queries built from untrusted input to read or modify a database without authorization.
Install the dependencies with
pip install -r requirements.txt
Run api.py and open index.html in a browser.
Let's say the website uses a database with a table named data that stores the code in a field also named data. A check of whether the code 1X4Z25 is valid could look like this:
select * from data where data='1X4Z25'
If the submitted code is pasted straight into the query string, this statement is extremely vulnerable.
The way to test whether a website is vulnerable is to submit a single quote character ' as the input. The resulting statement looks like this:
select * from data where data='''
which throws the SQLite error unrecognized token: "'''" because the submitted quote closes the string literal early and leaves an unterminated one behind.
On a real website this may only surface as something like an unexpected error, but an error that appears only when a quote is submitted is a strong sign that the input reaches the query unescaped.
We can then complete the statement ourselves so that it always returns something. A condition like 1=1 is always true, so it matches every row in the table. Such a statement could look like this:
select * from data where data='a' OR 1=1 OR 'b'
By entering a' OR 1=1 OR 'b in the text field, the opening quote the server adds pairs with our 'a', the 1=1 makes the WHERE clause true for every row, and the trailing 'b absorbs the closing quote the server appends, so the statement stays syntactically valid and returns a valid code. The server then proceeds to do whatever it does with that code, even though you never knew a valid one.
SQL Injection also works when the field holds numbers. A statement that accepts only a numeric code could look like this:
select * from data where data=123456
Here, SQL Injection is a little bit more simple, because the value is not wrapped in quotes at all. Submitting a single quote ' still produces a syntax error and reveals the problem, and the injection itself needs no quotes:
select * from data where data=123 OR 1=1
By entering 123 OR 1=1 we accomplish the same thing as before: the condition is true for every row.
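The following is an added example, not part of this repository's api.py, that reproduces all three steps above (the quote probe, the string injection and the numeric injection) against an in-memory SQLite database, and places the parameterised fix beside the vulnerable query so the difference is visible. The table and column are named data as in the text; the sample codes are made up for the example, and the query-building functions are assumptions about how a vulnerable backend would be written rather than code taken from api.py.

```python
import sqlite3

# Constructed sample data: a table "data" with a single text field "data",
# matching the layout described in the README. The codes are made up.
# "123456" is stored as text too; SQLite applies TEXT affinity to the bare
# numeric literal in "data=123456", so the numeric example still matches it.
SAMPLE_CODES = ["1X4Z25", "7Q9B11", "K3M0P8", "123456"]


def make_db():
    """Create the in-memory SQLite database used by the functions below."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE data (data TEXT)")
    conn.executemany("INSERT INTO data VALUES (?)", [(c,) for c in SAMPLE_CODES])
    conn.commit()
    return conn


def check_code_vulnerable(conn, code):
    """The injectable pattern: the submitted code is concatenated into the SQL text.
    Returns matching rows, or raises sqlite3.OperationalError on a syntax error."""
    query = "select * from data where data='" + code + "'"
    return conn.execute(query).fetchall()


def check_code_vulnerable_numeric(conn, code):
    """Numeric variant: no quotes around the value, so nothing needs to be closed."""
    query = "select * from data where data=" + code
    return conn.execute(query).fetchall()


def check_code_safe(conn, code):
    """Parameterised query: the driver sends the value separately from the SQL text,
    so whatever is submitted is always treated as a literal, never as SQL."""
    return conn.execute("select * from data where data=?", (code,)).fetchall()


def probe_with_quote(conn, checker):
    """The README's first test: submit a lone quote and see whether the backend errors.
    Returns the database error message, or None if the quote was handled as data."""
    try:
        checker(conn, "'")
        return None
    except sqlite3.OperationalError as e:
        return str(e)


if __name__ == "__main__":
    db = make_db()
    print("probe (vulnerable):", probe_with_quote(db, check_code_vulnerable))
    print("probe (safe):      ", probe_with_quote(db, check_code_safe))
    print("string injection:  ", check_code_vulnerable(db, "a' OR 1=1 OR 'b"))
    print("same input, safe:  ", check_code_safe(db, "a' OR 1=1 OR 'b"))
    print("numeric injection: ", check_code_vulnerable_numeric(db, "123 OR 1=1"))
```

Running the script shows the quote probe producing the unrecognized token error only on the concatenated query, the string and numeric payloads returning every row from the vulnerable functions, and the parameterised function returning nothing for the same payloads because the quote and the OR are just characters in the value being compared.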