SQL Injection demo

110K views

SQL code injection

This is a little demonstration of a SQL injection in a simple login application. In our example, a database as been provisionned with an admin user. Their credentials are:

username: admin
password: admin123

In theory it should only be possible to login in the application using this credential, but if the application is not safely programmed, it is possible to penetrate in the system as an admin user without knowing the admin password.

Once you have played a bit with the login application and tried to used valid and invalid credential, use the following values

username: admin
password: unknown' or '1'='1

And observe carrefully the value of the SQL query displayed in the log section.

Run application

// {
var express = require('express');
var bodyParser = require('body-parser');
var sqlite3 = require('sqlite3').verbose();
var app = express();
app.use(express.static('.'));
app.use(bodyParser.urlencoded({extended: true}));
var db = new sqlite3.Database(':memory:');
db.serialize(function() {
  db.run("CREATE TABLE user (username TEXT, password TEXT, name TEXT)");
  db.run("INSERT INTO user VALUES ('admin', 'admin123', 'App Administrator')");
});
// }
app.post('/login', function (req, res) {
    var username = req.body.username; // a valid username is admin
    var password = req.body.password; // a valid password is admin123
    var query = "SELECT name FROM user where username = '" + username + "' and password = '" + password + "'";
    console.log("username: " + username);
    console.log("password: " + password);
    console.log('query: ' + query);
    
    db.get(query , function(err, row) {
        if(err) {
            console.log('ERROR', err);
            res.redirect("/index.html#error");
        } else if (!row) {
            res.redirect("/index.html#unauthorized");
        } else {
            res.send('Hello <b>' + row.name + '</b><br /><a href="/index.html">Go back to login</a>');
        }
    });
});
app.listen(3000);

Create your playground on Tech.io

This playground was created on Tech.io, our hands-on, knowledge-sharing platform for developers.

Go to tech.io

ABOUT US CAREERS PRIVACY FAQ BLOG

The #1 tech hiring platform

SCREENING INTERVIEWING

SQL code injection

Ternary Operator

File and directory management with Unix

Python from Zero to Hero

Exercice Javascript