This is Information Security and Audit Project (https://github.com/Regaron/isa.git) doing SQL injection where the api returns only Released Products but SQL Injection can be done to return Other Data.

The app is deployed at https://isa-three.vercel.app/ where it can be tested without setting up the local environment.

You can start injecting in the home page by selecting from Attack Dropdown and pressing Start Button.

Payload Injection can be accessed on https://isa-three.vercel.app/payload or from the Navbar. This page can be used to Upload File with SQL Injection Statement to perform the attack or Predefined Payload can be injected by pressing Default Payload Button. The data obtained for each SQL Query can be seen by clicking on the Corresponding Card,

• Node.js 12 or later
• PostgreSQL
• npm (installed with Node.js) or yarn

First, install the package:

npm install
# or
yarn install

Then, enter database credentials in .env file as:

DATABASE_URL=postgresql://USER:PASSWORD@HOST:PORT/DATABASE.

Example:

DATABASE_URL=postgresql://ravi:076mscsk009@localhost:5432/sqlinjection

Then, run database migration:

npm run prisma db push
# or
yarn prisma db push

and

npm run prisma generate
# or
yarn prisma generate

Build the project using:

npm run build
#or
yarn build

Start the app using:

npm run start
#or
yarn start

After the server starts open http://localhost:3000/api/seed once with your browser to fill data into database.

Open http://localhost:3000 with your browser to see the homepage.

The pages/api/search directory is the api for our app which returns only Released Products but SQL Injection can be done to return other data.

The public/payload.txt is the SQL Query used as Default Payload in Payload Injection Page.