appsecco / sqlinjection-training-app

Licence: MIT License
A simple PHP application to learn SQL Injection detection and exploitation techniques.

Simple SQL Injection Training App

Introduction

This is an extremely vulnerable application. Please do not deploy in production or host it on the Internet. You are responsible for this application and what you do with it.

This is a simple PHP application with multiple pages to demonstrate and learn SQL Injection.

The PHP code is extremely primitive but clearly demonstrates the vulnerability and can be used to teach the various kinds of SQL injection in a hands-on class.

Pre-requisites

  • docker
  • docker-compose

Setup

  • Clone this repository
  • Run docker-compose up in the root of the repo where the docker-compose.yml file is present
  • Go to http://127.0.0.1:8000/resetdb.php to create the database and tables within the application.

DB variables

If you wish to change the password of the MySQL root user when starting the containers, update the following files with the new password that you choose:

  • edit the value of MYSQL_ROOT_PASSWORD in docker-compose.yml
  • edit the value of $DBPASS in db_config.php
  • edit the value of $DBPASS in resetdb.php

Walkthrough

The inputs to use for each of the links can be found in walkthrough.md.

Reset DB

To reset the database, navigate to /resetdb.php.

Database export

The sqlitraining.sql file contains the entire database as an export. This file can be reviewed to see what the DB looks like in terms of the tables and data within.

Get in touch!

  • Pull requests are welcome
  • Send us ideas and suggestions or feedback at [email protected]