0xdbe-appsec/sqli-django-postgresql


SQL Injection with Django

This application is a demonstration prototype that shows how a SQL injection (SQLi) attack is performed.

Install

  • Set up the PostgreSQL database
      sudo -u postgres createuser -P me
      sudo -u postgres createdb -O me data
      export PGPASSWORD=******
  • Install the dependencies
      pipenv install
  • Run the development server
      pipenv shell
      cd sqli
      python manage.py runserver

Hack

Open http://localhost:8000/?user=me

Find the SQL injection that lets you see all tasks (not only those of one user).

Fix

Create a new branch and try to fix this SQL Injection.

To see the solution:

git checkout fix
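
The pattern behind this kind of fix, as an added example that is not code from this repository or its fix branch: a query built by string formatting next to the same query with a bound parameter, plus a regression check. It assumes a hypothetical task table with owner and title columns and uses the standard-library sqlite3 module instead of PostgreSQL so that it runs offline.

```python
import sqlite3

# Constructed sample data; the table and column names are hypothetical.
ROWS = [
    ("me", "buy milk"),
    ("me", "write report"),
    ("o'brien", "rotate keys"),
    ("admin", "review audit log"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE task (owner TEXT, title TEXT)")
    conn.executemany("INSERT INTO task VALUES (?, ?)", ROWS)
    return conn


def tasks_vulnerable(conn, user):
    # "Before": the request value is spliced into the SQL text, so a quote
    # character in it changes the structure of the statement.
    sql = "SELECT title FROM task WHERE owner = '%s' ORDER BY title" % user
    return [row[0] for row in conn.execute(sql)]


def tasks_fixed(conn, user):
    # "After": the SQL text is constant and the value is sent separately as
    # a bound parameter, so it can only ever be compared as data.
    sql = "SELECT title FROM task WHERE owner = ? ORDER BY title"
    return [row[0] for row in conn.execute(sql, (user,))]


def quote_breaks_query(fn, conn):
    """Regression check: a legitimate name containing a quote must return
    exactly that user's tasks, without breaking or altering the query."""
    try:
        return fn(conn, "o'brien") != ["rotate keys"]
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    db = make_db()
    print("vulnerable query affected by quote:", quote_breaks_query(tasks_vulnerable, db))
    print("fixed query affected by quote:", quote_breaks_query(tasks_fixed, db))
```

In a Django view the same separation comes from the ORM (`Model.objects.filter(owner=user)`) or from `cursor.execute(sql, [user])` with a `%s` placeholder in place of the `?` used by sqlite3.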
