Snippets Groups Projects

fix release job

Thibault Debatty authored 2 years ago

cd2a975f

cd2a975f 2 years ago

Name	Last commit	Last update
public
.gitlab-ci.yml
Dockerfile
README.md
setup-sqlite.php
sqlite-injection.png
wiki-crawl.py

SQLite Injection

An example web application that can be hacked using SQL injection attack. The web app uses a SQLite database.

it has a search page
users and passwords are stored in database
it can be hacked using sql injection (for example using sqlmap)

Simply use this search query (for example):

' union select null, username, password from users where username like '%

Running with Docker

docker run -p 8000:80 gitlab.cylab.be:8081/cylab/play/sqlite-injection

Testing locally

You can use PHP built-in webserver to test locally:

git clone https://gitlab.cylab.be/cylab/play/sqlite-injection.git
cd sqlite-injection/public
php -S localhost:8000