Simple code to demo how SQL injection works, and how it can be addressed
Python version - 3.6+
Ensure the pysqlite package is installed (should be there by default)
Create the initial database with a few users to test the program. User creation can be done through `python create_db.py`.
Start the program using `python app.py`. The rest is fairly straightforward.
- For login workflow, set password to `p' or 1=1`
- For login workflow, set password to `p' union select * from users --`
- For query user workflow, set user id to `100 or 1=1`
- For query user workflow, set user id to `100 union select * from users`
A few of the vulnerabilities are blocked, and it is slightly more secure
- For login workflow, there are no simple injections possible.
- For query user workflow, set user id to `100 or 1=1`
- For query user workflow, set user id to `100 UniOn selselectect * from users`
Gaining information is not possible, but the server can be crashed
- For the query user workflow, set user id to `0x313030206f722031203d2031` (this is a hex representation of `100 or 1 = 1`). Since the number is too big for SQLite, it causes the program to crash.
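
The query user workflow as an added example (not this repository's own code): a lookup built by string concatenation beside one that validates the id and binds it as a parameter, run against the user-id inputs listed above. The table layout, sample rows and function names are assumptions made for the illustration.

```python
import sqlite3

SQLITE_INT_MAX = 2**63 - 1  # largest value SQLite's INTEGER type can store


def make_db():
    """Build an in-memory users table (hypothetical schema, constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "pw-a"), (2, "bob", "pw-b"), (3, "carol", "pw-c")],
    )
    return conn


def query_user_vulnerable(conn, user_id):
    """User input is pasted into the SQL text, so it is parsed as SQL."""
    sql = "SELECT id, name FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def parse_user_id(user_id):
    """Accept only a non-negative integer that fits SQLite's INTEGER range."""
    try:
        value = int(user_id, 0)  # base 0 also accepts 0x.. literals
    except ValueError:
        raise ValueError("user id must be an integer") from None
    if not 0 <= value <= SQLITE_INT_MAX:
        raise ValueError("user id out of range")
    return value


def query_user_hardened(conn, user_id):
    """Validate the id, then bind it as a parameter instead of concatenating."""
    value = parse_user_id(user_id)
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (value,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(query_user_vulnerable(db, "100 or 1=1"))  # every row comes back
    for candidate in ("2", "100 or 1=1", "0x313030206f722031203d2031"):
        try:
            print(candidate, "->", query_user_hardened(db, candidate))
        except ValueError as exc:
            print(candidate, "-> rejected:", exc)
```

The range check matters even with bound parameters: Python's `sqlite3` module raises `OverflowError` when asked to bind an integer wider than 64 bits, which is the failure the hex input triggers.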