/sql-inject-demo

a sample project to demonstrate SQL injection vulnerability

Primary LanguageJava

This demo vulnerable RestAPI was forked from

https://github.com/CC11001100/sql-inject-demo

Technlogy Stack

  • Java
  • Spring Boot
  • Spring MVC
  • JdbcTemplate

How to build?

mvn clean install

Sample http GET request

Request

http://localhost:8080/user/login?username=foo&passwd=bar

Response

 {"code":0,"data":false}

Prequisite

create the database using mysql Command line:

DROP DATABASE IF EXISTS sql_inject_demo;
CREATE DATABASE sql_inject_demo;
USE sql_inject_demo;

DROP TABLE IF EXISTS t_user;
CREATE TABLE t_user(
    id BIGINT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(100) COMMENT 'username',
    passwd CHAR(32) COMMENT 'password'
) CHARSET UTF8;

INSERT INTO t_user (username, passwd) VALUES ('admin', MD5('admin'));

notes

please check application.properties to verify the DB connection string and user credentials are correct.

test trigger