Skip to content

A simple mockup of a webshop to demonstrate the sql injection vulnerability.

Notifications You must be signed in to change notification settings

lebalz/sql-injection-demo

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Demo SQL Injection

The prupose of this mockup of a simple webshop is to demonstrate the sql injection vulnerability. In this project all database queries used are intentionally vulnerable to sql injection.

Filter

The listed products can be filtered by the Blend Name. The userinput is not sanitized what makes it vulnerable for sql injections.

  • sort or filter by custom attribute
  • edit entries
  • drop table
  • drop database
  • list users from other table
  • ...

Login

The login is also not protected against sql injection. A logged in user can add items to his cart; a user with admin privileges can additionally delete items.

  • login without any credentials
  • login as admin
  • give a user admin privileges
  • ...

Recreate initial state

At the bottom of the page, there is a button , which restores a pristine db state.

Setup

Create in mysql a new user sql_injection and grant him all privileges only for the database inject_demodb. It's important to ensure no other databases are affected by the sql injection vulnerability.

CREATE USER 'sql_injection'@'%' IDENTIFIED BY 'foobar';
GRANT ALL PRIVILEGES ON `inject_demodb` . * TO 'sql_injection'@'%';
FLUSH PRIVILEGES;

Note: to be able to create a new user under dokku, check the root user:

#user:
echo root
# password:
cat /var/lib/dokku/services/mysql/app-name/ROOTPASSWORD

Create the Database inject_demodb:

CREATE DATABASE inject_demodb;

Edit the $host in the file connectdb.php.

The database host, port, username and password can be set over the following environment variables (in case you want to deploy it to a server):

SQL_INJECTION_DB_HOST="localhost"
SQL_INJECTION_DB_PORT="3306"
SQL_INJECTION_DB_USERNAME="sql_injection"
SQL_INJECTION_DB_PASSWORD="foobar"

Then serve index.php and click the a button Recreate Table which will create the table coffee in your database and seed some data. The data was created with the faker-gem by @stympy.

Dokku deploy

With dokku, the propper db management is handled by dokku itself when linking the app to mysql. The linking sets an ENV-Variable 'DATABASE_URL' which is then used to for the db connection.

$APP='sql-injection-demo'
dokku apps:create $APP
dokku mysql:create $APP
dokku mysql:link $APP $APP

dokku config:set --no-restart $APP [email protected]
dokku letsencrypt $APP

# optional expose $APP
dokku mysql:expose $APP

About

A simple mockup of a webshop to demonstrate the sql injection vulnerability.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages