SQLite Injection


An example web application that can be hacked using a SQL injection attack. The web app uses a SQLite database.

  • it has a search page
  • users and passwords are stored in database
  • it can be hacked using SQL injection (for example using sqlmap)

Simply use this search query (for example):

' union select null, username, password from users where username like '%
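Why that query returns credentials, and what the fix looks like, shown as an added example that is not the application's own source. The products table, its columns and the two function names are assumptions made for illustration; only the users table with its username and password columns comes from the query above.

```php
<?php
// Added example, not the application's code. Assumed: a search over a
// three-column "products" table. Sample rows below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)");
$db->exec("CREATE TABLE users (username TEXT, password TEXT)");
$db->exec("INSERT INTO products (name, description) VALUES ('lamp', 'desk lamp')");
$db->exec("INSERT INTO users VALUES ('alice', 'constructed-secret')");

// Vulnerable form: the search term is concatenated into the SQL text, so a
// quote in the input closes the string literal and the rest is parsed as SQL.
// The UNION must match the column count of the first SELECT (three here),
// which is why the query on this page selects null, username, password.
function searchVulnerable(PDO $db, string $term): array
{
    $sql = "SELECT id, name, description FROM products WHERE name LIKE '%" . $term . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is constant and the term is bound as a value,
// so quotes and keywords in the input are matched literally against name.
function searchSafe(PDO $db, string $term): array
{
    $stmt = $db->prepare("SELECT id, name, description FROM products WHERE name LIKE :term");
    $stmt->execute([':term' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The search query quoted on this page.
$payload = "' union select null, username, password from users where username like '%";

$results = [
    'vulnerable' => searchVulnerable($db, $payload),
    'safe'       => searchSafe($db, $payload),
];
foreach ($results as $label => $rows) {
    printf("%s: %d row(s)\n", $label, count($rows));
    foreach ($rows as $row) {
        echo '  ', json_encode($row), "\n";
    }
}
```

In the vulnerable output the row from users appears under the name and description columns of the search result; the bound version returns no rows because no product name contains the literal input.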


Run with docker-compose

The easiest way to run the vulnerable app is with docker-compose:

mkdir sqlite-injection
cd sqlite-injection
curl -o docker-compose.yml https://gitlab.cylab.be/cylab/play/sqlite-injection/-/raw/main/docker-compose.yml
docker-compose up

After a few seconds, the app will be available at http://127.0.0.1:8000

Run with Docker

docker run -p 8000:80 gitlab.cylab.be:8081/cylab/play/sqlite-injection

Testing locally

You can use PHP's built-in web server to test locally:

git clone https://gitlab.cylab.be/cylab/play/sqlite-injection.git
cd sqlite-injection/public
php -S localhost:8000