This is the Information Security and Audit project (https://github.com/Regaron/isa.git), a demonstration of SQL injection: the API is meant to return only Released Products, but SQL injection can be used to make it return other data.
The app is deployed at https://isa-three.vercel.app/ where it can be tested without setting up the local environment.
You can start injecting on the home page by selecting from the Attack dropdown and pressing the Start button.
Payload Injection can be accessed at https://isa-three.vercel.app/payload or from the navbar. This page can be used to upload a file containing a SQL injection statement to perform the attack, or the predefined payload can be injected by pressing the Default Payload button.
The data obtained for each SQL query can be seen by clicking on the corresponding card.
- Node.js 12 or later
- PostgreSQL
- npm (installed with Node.js) or yarn
First, install the dependencies:
npm install
# or
yarn install
Then, enter the database credentials in the .env file as:
DATABASE_URL=postgresql://USER:PASSWORD@HOST:PORT/DATABASE
Example:
DATABASE_URL=postgresql://ravi:076mscsk009@localhost:5432/sqlinjection
Then, run database migration:
npm run prisma db push
# or
yarn prisma db push
and
npm run prisma generate
# or
yarn prisma generate
Build the project using:
npm run build
# or
yarn build
Start the app using:
npm run start
# or
yarn start
After the server starts, open http://localhost:3000/api/seed once in your browser to fill the database with data.
Open http://localhost:3000 with your browser to see the homepage.
The pages/api/search directory is the API for our app, which returns only Released Products, but SQL injection can be used to return other data.
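Why a search endpoint like this is injectable, and what the fix looks like, shown as an added example that is not the project's own code. The table and column names ("Product", released, name), the builder functions and the sample inputs are assumptions made for illustration; the check compares the query's structure for a benign and a quote-carrying input.

```javascript
// Vulnerable pattern: user input is concatenated into the SQL text.
function buildSearchUnsafe(term) {
  const text = `SELECT id, name FROM "Product" WHERE released = true AND name ILIKE '%${term}%'`;
  return { text, values: [] };
}

// Hardened pattern: the SQL text is constant and the input travels as a bound
// parameter (the { text, values } shape that node-postgres client.query accepts).
function buildSearchSafe(term) {
  const text = 'SELECT id, name FROM "Product" WHERE released = true AND name ILIKE $1';
  return { text, values: [`%${term}%`] };
}

// Reduce a statement to its structure: string literals become "?", "--" comments
// are dropped, whitespace is normalised. Handles '' as an escaped quote.
function skeleton(sql) {
  let out = '';
  for (let i = 0; i < sql.length; i++) {
    if (sql[i] === "'") {
      i++;
      while (i < sql.length) {
        if (sql[i] === "'") {
          if (sql[i + 1] === "'") { i += 2; continue; }
          break;
        }
        i++;
      }
      out += '?';
    } else if (sql[i] === '-' && sql[i + 1] === '-') {
      while (i < sql.length && sql[i] !== '\n') i++;
      out += ' ';
    } else {
      out += sql[i];
    }
  }
  return out.replace(/\s+/g, ' ').trim();
}

// True when the input changed the statement's structure, i.e. it was parsed as SQL.
function inputAltersQuery(builder, benign, hostile) {
  return skeleton(builder(benign).text) !== skeleton(builder(hostile).text);
}

// Constructed sample inputs for a regression check.
const BENIGN = 'chair';
const QUOTED = "a' OR 'x'='x";
console.log('unsafe builder altered by input:', inputAltersQuery(buildSearchUnsafe, BENIGN, QUOTED));
console.log('safe builder altered by input:  ', inputAltersQuery(buildSearchSafe, BENIGN, QUOTED));
```

A check like `inputAltersQuery` can run in CI against every query builder, so that a route falling back to string concatenation fails the build.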
The public/payload.txt file is the SQL query used as the Default Payload on the Payload Injection page.